Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML encoding present in titles #153

Open
MoralCode opened this issue Mar 7, 2023 · 2 comments
Open

HTML encoding present in titles #153

MoralCode opened this issue Mar 7, 2023 · 2 comments

Comments

@MoralCode
Copy link
Contributor

https://pawprints.rit.edu/?p=3416 is an example.

This seems like it might be a bug with how user-input content is escaped and displayed. This also may have some larger security implications if fixed incorrectly
@Sma-Das
Copy link
Collaborator

Sma-Das commented Mar 9, 2023

This is an issue with bleach from Django. I do not believe there are any associated security issues currently but it is worth investigating

@MoralCode
Copy link
Contributor Author

thanks for the tip!

i was thinking security in the sense that if we allow too much HTML to be actually rendered by the user, it could be a situation where someone could put a malicious <script> tag in the title or something, but i this is handled by a django library they probably thought of that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MoralCode @Sma-Das