northk / twitterfeed

ExpressionEngine module which grabs, caches and displays a public user timeline from Twitter

HTML Character Entities #2

Open paynecodes opened 12 years ago

paynecodes commented 12 years ago

Just tested a tweet with the & symbol and it displayed &amp;

I would help if I had any PHP chops :) Sorry.

northk commented 12 years ago

Hi jpdesigndev,

Can you give me the Twitter user name for the (public) feed that exhibits this display problem? I suspect it's because I applied Mutual Suspicion to the tweet content. I considered all tweet content potentially unsafe and called htmlentities() to convert stuff like & into &amp; to prevent cross-site scripting attacks.

It's likely that I don't really need to do this; I could consider the tweet content safe instead. Or, perhaps I'm on the right track but have a bug in my code around html entities. Thanks for reporting.
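Added example, not part of the thread or the module's own code: one way the symptom described above can arise is when tweet text that already carries HTML entities is passed through htmlentities() a second time. The sample tweet, the function names and the assumption that the feed delivers & as &amp; are all constructed for illustration; the thread does not confirm the cause.

```php
<?php
// Constructed sample: tweet text as the feed is ASSUMED to deliver it,
// with "&" already escaped and some markup that must never reach the page raw.
$tweet = 'Fish &amp; chips <script>alert(1)</script>';

// Symptom: escaping text that is already escaped. The "&" that starts
// "&amp;" is escaped again, so the browser shows the entity as literal text.
function escape_twice(string $text): string
{
    return htmlentities($text, ENT_QUOTES, 'UTF-8');
}

// Fix A: normalise to plain text first, then escape exactly once at output.
// The tweet is still treated as untrusted; markup is neutralised.
function escape_once(string $text): string
{
    $plain = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return htmlspecialchars($plain, ENT_QUOTES, 'UTF-8');
}

// Fix B: keep htmlentities() but pass double_encode = false (4th argument),
// which leaves existing entities alone and escapes everything else.
// Trade-off: a tweet that literally contains the characters "&lt;" is shown
// as "<" in the browser. That is a display inaccuracy, not an injection,
// because no raw "<" is ever emitted.
function escape_skip_existing(string $text): string
{
    return htmlentities($text, ENT_QUOTES, 'UTF-8', false);
}

foreach (['escape_twice', 'escape_once', 'escape_skip_existing'] as $fn) {
    printf("%-22s %s\n", $fn, $fn($tweet));
}
```

Either fix keeps the tweet content untrusted, as the comment above intends, while removing the double encoding.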

paynecodes commented 12 years ago

Oh my, I'm sorry to have done this. I missed the email/spam box/forgot or something.

@AUGIET is the username.