AndreaUnlimited / starfriends


Code in profile boxes #7

Closed BarefootSelkie closed 7 years ago

BarefootSelkie commented 8 years ago

It's possible to put code into the profile boxes; not sure if this can be used to break the site, either accidentally or maliciously, as I've not tried anything much as I don't want to risk damaging the site. But something that needs testing on a non-live site.

AndreaUnlimited commented 8 years ago

It can and does break the site, I know, someone managed to do it. I will add some rules about what html tags you can use at some point!

Cassolotl commented 8 years ago

Markdown! I vote for markdown.

fallax commented 8 years ago

+1 Markdown sounds like a very sensible approach.

fallerOfFalls commented 8 years ago

+1 Markdown

fallax commented 8 years ago

Changed this to "bug" as this is a security issue - the fields need to be reviewed to make sure they aren't vulnerable to various injection attacks (e.g. a "Little Bobby Tables" SQL injection attack) before we get many more users.

Cassolotl commented 8 years ago

Andréa says the site is safe from SQL injection attacks, so this isn't a security issue, so I'm removing the label.

AndreaUnlimited commented 8 years ago

I said "probably". But in any case it's a very different issue.

Cassolotl commented 8 years ago

We now have fancy text boxes on https://www.starfriends.org/edit/profile :

[Screenshot attached: screen shot 2016-09-05 at 17 39 00]

Cassolotl commented 7 years ago

So, the problem in this issue originally was that people were entering HTML tags into their profile boxes in order to make their profiles interesting, and sometimes it would break things outside of the profile boxes just on the same page.

The new fancy text boxes resolve this issue, so I will close it. The security thing is a separate issue, and Andréa is aware of it.
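A tag allowlist of the kind Andréa proposes earlier in the thread, as an added example in Python that is not starfriends code: it keeps a few harmless tags, escapes everything else (attributes included), refuses non-http(s) link targets, and closes any tag left open so a profile box cannot alter the markup around it. The allowed tag set and the https-only link rule are assumed policy, not anything the site documents.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical policy: tags a profile box may keep, and the attributes kept on each.
ALLOWED_TAGS = {"b": set(), "i": set(), "em": set(), "strong": set(), "a": {"href"}}

class ProfileSanitizer(HTMLParser):
    # Escapes every tag not in the allowlist and closes any allowlisted tag left
    # open, so nothing typed into the box can alter markup outside the box.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:          # e.g. <script>, <div style=...>
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = ""
        for name, value in attrs:
            if name in ALLOWED_TAGS[tag] and value is not None:
                if name == "href" and not value.lower().startswith(("http://", "https://")):
                    continue                 # drops javascript:, data: and other schemes
                kept += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:        # stray or disallowed closing tag
            self.out.append(escape(f"</{tag}>"))
            return
        while self.open_tags:                # close inner tags first to keep nesting valid
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data))

    def result(self):
        while self.open_tags:                # whatever is still open ends inside the box
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)

def sanitize_profile(text):
    p = ProfileSanitizer()
    p.feed(text)
    p.close()
    return p.result()
```

Run the filter on the stored text at render time as well as on save, so profiles written before the rule existed are covered too.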