Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow titles for abbreviation elements #184

Merged
merged 1 commit into from Sep 18, 2019
Merged

allow titles for abbreviation elements #184

merged 1 commit into from Sep 18, 2019

Conversation

@robjloranger
Copy link
Member

robjloranger commented Sep 18, 2019

this allows abbreviation elements to keep their title attributes when
containing special characters.

(Originally reported on the forum)


  • I have signed the CLA
this allows abbreviation elements to keep their title attributes when
containing special characters.
@robjloranger
Copy link
Member Author

robjloranger commented Sep 18, 2019

I double checked this allow rule still prevents common XSS attack vectors. Like closing the title attribute and inserting an onload, or closing the element entirely and injecting a new element like script. This either omits the abbreviation element entirely or just renders some of the contents as text on the page. Harmless either way.

But now titles such as "This is a title: with a sub tile" render as expected.

Copy link
Member

thebaer left a comment

Awesome, thanks!

@thebaer thebaer merged commit 66974dc into develop Sep 18, 2019
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
@thebaer thebaer deleted the title-attrs branch Sep 18, 2019
@thebaer thebaer added this to the 0.11 milestone Sep 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.