admin.openmhz.com is overly aggressive with its character stripping in titles and descriptions #157
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
It's very hard to write a coherent description for a feed as it strips things like parenthesis, line feeds, and others.
For instance, if I type a feed title like this:
it becomes:
If I try to add line feeds to a feed description to separate out areas, they get removed putting all the text into one continuous blob. (Interestingly, line feeds are preserved if I edit the description, but parenthesis are stripped out completely.)
It looks like all of these characters get stripped when saving:
~!@#$%^&*()+=``~"'<>?/\|.Surely there's a way to be less heavy-handed here by not stripping these characters out. (I'm assuming this is some sort of injection or XSS defense-in-depth, but there's plenty of mitigations for this that don't involve discarding user input.)
The text was updated successfully, but these errors were encountered: