Closed KarbonDallas closed 13 years ago
Can you be more specific?
e.g.
Ahh, it should be a trivial fix. I'm not sure where the actual escaping is happening though.
On twitter.
https://github.com/bmeck/jsentities require('JS-Entities').html.[en,de]code(...) ?
Should this be optional?
On Sat, May 21, 2011 at 7:40 AM, emilyrose reply@reply.github.com wrote:
Kohai does not parse html entities. I think it should, no?
>, <, etc...
Reply to this email directly or view it on GitHub: https://github.com/nodejitsu/kohai/issues/28
I'm not sure that it's really necessary to worry about much more than <, >
. From what I've seen, twitter doesn't escape that which can't be used for injection (and it didn't even do that for a time).
Kohai does not parse html entities. I think it should, no?
>, <, etc...