Next-gen fails with HTML special characters

Description

Creating a talk in the next-gen version of the site with a less-than sign in the title truncates the title from that point on. The legacy version correctly handles this.

Activity

Giorgio Sironi, June 29, 2017 at 7:21 PM

Giorgio Sironi, June 29, 2017 at 6:43 PM

It appears this is intended behavior (https://github.com/joindin/joindin-api/blob/master/src/controllers/TalksController.php#L442-L446):

We could remove the sanitization, and rely on API clients to properly escape output, but it would create a security hole e.g. in the legacy website. If we escape the title here, Edit Talk will probably break.
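The trade-off raised in the comment above, as an added PHP example that is not joind.in's code: it runs the reproduction title through sanitize-on-input (strip_tags, which loses everything from the "<"), through escape-on-output, and through the double escaping that an already-escaped API title would suffer in an edit form. The sample title is constructed and the function names are hypothetical.

```php
<?php
// Added example (not joind.in code): contrasts sanitizing a talk title on
// input with storing it raw and escaping it once at output time.
declare(strict_types=1);

const TITLE = 'The wonders of <blink>'; // constructed sample title

// Approach 1: sanitize on input. strip_tags() treats "<blink>" as markup
// and discards it, so the stored title is silently truncated at the "<".
function sanitizeOnInput(string $title): string
{
    return strip_tags($title);
}

// Approach 2: store the raw title and escape when rendering HTML.
// The "<" survives as visible text and cannot start a tag in the page.
function escapeForHtml(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The hazard for an edit form: if the API already returned an escaped
// title, a client that escapes again double-encodes it, and the user
// sees the entity text instead of the original title.
function doubleEscaped(string $title): string
{
    return escapeForHtml(escapeForHtml($title));
}

printf("strip_tags on input: %s\n", sanitizeOnInput(TITLE));
printf("escaped once:        %s\n", escapeForHtml(TITLE));
printf("escaped twice:       %s\n", doubleEscaped(TITLE));
```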

Giorgio Sironi, June 29, 2017 at 6:15 PM

Confirmed, can be reproduced locally e.g. creating a talk named "The wonders of <blink>"

Giorgio Sironi, June 29, 2017 at 5:08 PM

Trying to reproduce on the Vagrant VM.

Created April 4, 2017 at 3:50 PM
Updated June 29, 2017 at 7:21 PM