Open jgmac1106 opened 5 years ago
jeremycherfas
commented
5 years ago This has been an issue for a long time. I did work around it for a while but was told that my change could represent a security risk. I know there are better ways of sanitising the HTML input but have not explored further.
jgmac1106
commented
5 years ago Wondering if we could just switch the controller to false... Though would lose auto hashtag and url entry.
On Mon, Dec 31, 2018, 11:04 AM jeremycherfas notifications@github.com wrote:
This has been an issue for a long time. I did work around it for a while but was told that my change could represent a security risk. I know there are better ways of sanitising the HTML input but have not explored further.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/idno/known/issues/2312#issuecomment-450662333, or mute the thread https://github.com/notifications/unsubscribe-auth/AKC-pkxlNeI69pqkTZXuU49M8jcKaiVRks5u-jV5gaJpZM4ZlWg7 .
When micropub clients send HTML to be published as a note the rich text editor built into status updates renders the HTML as plain text.