Closed BarefootSelkie closed 7 years ago
It can and does break the site, I know, someone managed to do it. I will add some rules about what HTML tags you can use at some point!
Markdown! I vote for markdown.
+1 Markdown sounds like a very sensible approach.
+1 Markdown
Changed this to "bug" as this is a security issue - the fields need to be reviewed to make sure they aren't vulnerable to various injection attacks (e.g. a "Little Bobby Tables" SQL injection attack) before we get many more users.
Andréa says the site is safe from SQL injection attacks, so this isn't a security issue, so I'm removing the label.
I said "probably". But in any case it's a very different issue.
We now have fancy text boxes on https://www.starfriends.org/edit/profile :
So, the problem in this issue originally was that people were entering HTML tags into their profile boxes in order to make their profiles interesting, and sometimes it would break things outside of the profile boxes just on the same page.
The new fancy text boxes resolve this issue, so I will close it. The security thing is a separate issue, and Andréa is aware of it.
It's possible to put code into the profile boxes, not sure if this can be used to break the site, either accidentally or maliciously, as I've not tried anything much as I don't want to risk damaging the site. But something that needs testing on a non-live site.