HTML encoding present in titles
Opened this issue · 2 comments
MoralCode commented
https://pawprints.rit.edu/?p=3416 is an example.
This seems like it might be a bug with how user-input content is escaped and displayed. This also may have some larger security implications if fixed incorrectly
Sma-Das commented
This is an issue with bleach from Django. I do not believe there are any associated security issues currently but it is worth investigating
MoralCode commented
thanks for the tip!
I was thinking security in the sense that if we allow too much HTML to be actually rendered by the user, it could be a situation where someone could put a malicious `<script>` tag in the title or something, but if this is handled by a Django library they probably thought of that.
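A stdlib-only sketch, added here as an illustration and not code from the pawprints project or from bleach, of one common cause of visible entities like `&amp;` in titles: a bleach-style sanitizer (constructed allow-list of tags) runs at save time, the "safe" marker is lost when the value comes back from the database as a plain string, and the template autoescape encodes the entities a second time. Sanitizing once at render time displays the title correctly while still neutralising a `<script>` tag.

```python
import html
import re

# Constructed allow-list for this example, not the project's bleach configuration.
ALLOWED_TAGS = {"b", "i", "em", "strong"}
TAG_RE = re.compile(r"</?([a-zA-Z][a-zA-Z0-9]*)[^>]*>")


class SafeString(str):
    """Marks text that is already sanitized (the role of Django's mark_safe)."""


def sanitize(raw: str) -> SafeString:
    """Keep allow-listed tags (attributes dropped), strip other tags,
    and HTML-escape all remaining text."""
    out, pos = [], 0
    for m in TAG_RE.finditer(raw):
        out.append(html.escape(raw[pos:m.start()], quote=True))
        name = m.group(1).lower()
        if name in ALLOWED_TAGS:
            out.append(f"</{name}>" if m.group(0).startswith("</") else f"<{name}>")
        pos = m.end()
    out.append(html.escape(raw[pos:], quote=True))
    return SafeString("".join(out))


def autoescape(value: str) -> str:
    """Template autoescape: escape unless the value is marked safe."""
    return value if isinstance(value, SafeString) else html.escape(value, quote=True)


def render_buggy(raw_title: str) -> str:
    """Sanitize at save time; the stored value is a plain str (as it is after a
    database round trip), so the template escapes the entities again."""
    stored = str(sanitize(raw_title))  # marker lost here
    return autoescape(stored)


def render_fixed(raw_title: str) -> str:
    """Store the raw title and sanitize exactly once, at render time."""
    return autoescape(sanitize(raw_title))


if __name__ == "__main__":
    for title in ["Rock & Roll", "<script>alert(1)</script>Hi", '<b onclick="x">bold</b>']:
        print(repr(title), "->", render_buggy(title), "|", render_fixed(title))
```

`render_buggy("Rock & Roll")` yields `Rock &amp;amp; Roll`, which a browser shows as the literal `&amp;` reported in the issue, while `render_fixed` yields `Rock &amp; Roll` and reduces a script tag to its inert text.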