HTML-Tags in info

[michis0806]

Hi,
I just updated to Podlove Publisher 2.7 beta with the new beta of the web-player. I realized, that HTML-Tags are shown escaped in the expanded info-area

e.G. https://technikblase.fm/2017/10/28/tb059-subscribe9/

Any thoughts on that? Am I doing something wrong?

Thanks a lot
Michael

[alexander-heimbuch]

Nope, that is by intention. The thing with adding HTML in content is a security problem. Modern view renderers like react, angular and vue escape html. If I enable HTML within provided I also enable the possibility of cross site scripting. I know that is very strict but ensures to keep your site safe.

Still I want to enable you structuring your info. And will keep this issue as a ticket.

[michis0806]

Hi Alex, I understand your intention. Maybe I didn't explain my problem understandable or "escaped" was the wrong term. Right now, the HTML is shown inline like Wir besuchen die Subscribe9 in München.<br /> <br /> Links:<br /> <br /> https://subscribe.de<br /> BR Podcast-Projekt &#8220;Call for Podcasts&#8221;<br />... when I replace the
'summary' => nl2br(wptexturize(convert_chars(trim($episode->summary)))), with a
'summary' => strip_tags(wptexturize(trim($episode->summary))),
in line 84 in the html5printer.php it looks better to me...

Michael