[buddypress-trac] [BuddyPress] #983: HTML in profile name field broken again

Thu Jan 7 09:07:21 UTC 2010

#983: HTML in profile name field broken again
-------------------------+--------------------------------------------------
  Reporter:  Magganpice  |       Owner:               
      Type:  defect      |      Status:  reopened     
  Priority:  major       |   Milestone:               
Resolution:              |    Keywords:  HTML, profile
-------------------------+--------------------------------------------------
Changes (by Magganpice):

  * keywords:  => HTML, profile
  * status:  closed => reopened
  * resolution:  fixed =>

Comment:

 Sorry, I have to reopen this old and multiple times fixed ticket.

 I think I have to insist that this be fixed on the INPUT side (as opposed
 to fixing it on the OUTPUT side). The only way to really fix this is on
 the INPUT side otherwise this problem will always keep coming up.

 How to reproduce on testbp.org today (2010-01-07):

 - in your profile, put something like "<strong><a><blockquote>Firstname
 Lastname" in your name field
 - then, for instance reply to someone's status
 - this bad HTML will appear infront of your name
 - and in your profile your name will be "strong"

 It will not be the solution to run around fixing all output code for
 profile names throughout the system. HTML must be stripped out when
 someone saves his profile changes. This way, the HTML will never be saved
 to the database and appear nowhere.

 Please do not just fix this on the output side again, thanks :-)

-- 
Ticket URL: <http://trac.buddypress.org/ticket/983#comment:5>
BuddyPress <http://buddypress.org/>
BuddyPress