2.5.0RC4 - Announcement System [message #10649] |
Fri, 06 June 2003 04:06 |
|
Xodnizel
Messages: 73 Registered: May 2003
Karma: 0
|
Member |
|
|
In the announcement system, under the list of eannouncements, the Subject and Bodies aren't escaped for html. This really needs to be done, because fudforum truncates the body when it's displayed in that format, leading to some unpleasant results(tags aren't closed, and tags can be interrupted). Here is the HTML from the generated page, if you're curious as to what happens:
<tr bgcolor="#ffb5b5"><td>Introduction</td><td>& lt;font size="2" face="Verd...</td><td>June 6, 2003</td><td>December 31, 1969</td><td>[<a href="admannounce.php?edit=1&">Edit</a>] [<a href="admannounce.php?del=1&">Delete</a>]</td> </tr>
The starting text of my announcement is:
<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
(That's where the <font ...> bit comes from in the code quote.)
|
|
|
Re: 2.5.0RC4 - Announcement System [message #10658 is a reply to message #10649] |
Fri, 06 June 2003 12:38 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
The announcments are intentionally not sanitized for HTML to allow the admins to include HTML in their announcment. This is not a bug but rather a feature to allow for greater functionality.
On the admin control panel I do see your point and will add HTML sanitation there.
FUDforum Core Developer
|
|
|