You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is this feature about (expected vs actual behaviour)?
JavaScript elements will be removed in pre/code environment. In my opinion, content in pre/code tags should be left untouched (apart from character escaping).
I'm not sure if it's a bug or intended behaviour. Maybe I should not use anti-xss on pre/code tags? This would make the usage much more complicated, because it's not possible anymore to insert any html into the xss_clean() function.
The text was updated successfully, but these errors were encountered:
What is this feature about (expected vs actual behaviour)?
JavaScript elements will be removed in pre/code environment. In my opinion, content in pre/code tags should be left untouched (apart from character escaping).
How can I reproduce it?
Result:
Does it take minutes, hours or days to fix?
I don't know.
Any additional information?
I'm not sure if it's a bug or intended behaviour. Maybe I should not use anti-xss on pre/code tags? This would make the usage much more complicated, because it's not possible anymore to insert any html into the xss_clean() function.
The text was updated successfully, but these errors were encountered: