Open iceberg901 opened 11 years ago
originally logged for the front end by @matyus
Here's the original tweet:
Origin: https://twitter.com/LaughingSquid/status/269160511109750784
And look how we end up with `&amp;` in the message text on our end instead of `&`
```
{
  status: 200,
  result: {
    id: "50a54487d104120f6700794c",
    public: true,
    messages: [
      {
        id: "50a54487d104120f6700794d",
        nickname: "laughingsquid",
        realname: "laughingsquid",
        user_image_url: "http://api.tumblr.com/v2/blog/laughingsquid.tumblr.com/avatar/512",
        text: "A Supercut of Gustavo Almadovar Saying His Name Again &amp; Again",
        origin_network: "tumblr",
        origin_id: "35786945253",
        origin_user_id: "laughingsquid",
        user_id: "4fc637879a725b755d001f75",
        public: true,
        user_has_shelby_avatar: false,
        created_at: "1h ago"
      }
    ]
  }
}
```
The front end has to be on the lookout for maliciously injected HTML, so it will have to escape this & and display it as those literal characters.
http://grab.by/hyFk
I don't think this should happen on the backend though. I don't see why we should end up with this kind of escaped text in the db. The backend should, it seems, just have & in the message text and then the front end would render it correctly.
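The double escaping described in this issue, as an added example (not code from the original post or the project). It assumes the upstream text arrives entity-encoded; the function names are hypothetical, and `decodeEntities` covers only the five basic named entities plus numeric references.

```javascript
// Constructed sample: the issue's message text, assumed to arrive entity-encoded upstream.
const UPSTREAM_TEXT = "A Supercut of Gustavo Almadovar Saying His Name Again &amp; Again";

const ESCAPES = new Map([["&", "&amp;"], ["<", "&lt;"], [">", "&gt;"], ['"', "&quot;"], ["'", "&#39;"]]);
const NAMED = new Map([["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"]]);

// Output encoding for an HTML text context; the front end does this at render time.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES.get(c));
}

// Decode exactly one level of entities (five named ones plus numeric references).
// Unknown or out-of-range references are left untouched.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== "#") return NAMED.get(body) ?? match;
    const isHex = body[1] === "x" || body[1] === "X";
    const cp = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// Ingestion as the issue proposes: the db holds literal characters, not markup.
function normalizeForStorage(upstreamText) {
  return decodeEntities(upstreamText);
}

// Front-end render: `html` is what gets inserted into the page, `shown` models
// what the browser displays for that text node (it decodes the markup once).
function render(storedText) {
  const html = escapeHtml(storedText);
  return { html, shown: decodeEntities(html) };
}

const current = render(UPSTREAM_TEXT);                        // escaped text stored as-is
const proposed = render(normalizeForStorage(UPSTREAM_TEXT));  // raw text stored
console.log(current.html);   // ...Again &amp;amp; Again
console.log(current.shown);  // ...Again &amp; Again
console.log(proposed.shown); // ...Again & Again

// Constructed hostile input: decoding at ingestion yields raw markup in the db,
// which stays inert only because render() still escapes on output.
const hostile = render(normalizeForStorage("&lt;script&gt;alert(1)&lt;/script&gt;"));
console.log(hostile.html);   // &lt;script&gt;alert(1)&lt;/script&gt;
```

Decoding happens once, at ingestion, so text such as `&amp;lt;` is stored as `&lt;` and never unwrapped further.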