Currently, badges can be given a tag named like <h1>foo</h1>. This did trigger an error, which was fixed by allowing slashes in tag names.
However, even though the HTML is properly escaped when displayed, we may want to consider rejecting or filtering tag names with what looks like HTML data.
But, I'd like to be generous in what's allowed in tag names. Sometimes using slashes, spaces, colons, and other punctuation can be useful in building tagging schemes.
Currently, badges can be given a tag named like
<h1>foo</h1>
. This did trigger an error, which was fixed by allowing slashes in tag names.However, even though the HTML is properly escaped when displayed, we may want to consider rejecting or filtering tag names with what looks like HTML data.
But, I'd like to be generous in what's allowed in tag names. Sometimes using slashes, spaces, colons, and other punctuation can be useful in building tagging schemes.