Closed texnixe closed 7 years ago
I found the issue: The htmlspecialchars()
in this line is responsible for it.
Looks like the same change is also the reason for other issues. Because the change itself is useful, I don't think simply reverting would help. @bastianallgeier?
@lukasbestle I agree! It's simply more secure that way. I think I already fixed all the field issues and I just introduced a new way of defining unescaped attributes to also fix this issue. I think it's more reasonable to give this option, but still keep the default more secure.
https://forum.getkirby.com/t/kirby-2-4-0-are-e-mail-addresses-double-obfuscated/5727