Closed Noziro closed 4 years ago
Currently users can insert any HTML into their forum posts and just have it work. This is obviously a security risk, as well as just being ugly. Fix it!
This probably also applies to things such as usernames, so make sure to test this.
Fixed in 65713af08faf98453a373b8dd3195238a24fd0cb
Just remember to add sanitizing to future user in/outputs.
Currently users can insert any HTML into their forum posts and just have it work. This is obviously a security risk, as well as just being ugly. Fix it!
This probably also applies to things such as usernames, so make sure to test this.