HTML in username field for quotes not sanitized at all
-
@
The username field is not santized at all.
said:This is clearly not a good thing
[quote="In fact you can do a lot of things with this. Like links"]
Or completely breaking the HTML of the post
[/quote]@</aside> said:
HIIIIII
What's up?Raw:
@<h1>The username field is not santized at all.</h1> said:<blockquote>Or completely breaking the HTML of the post</blockquote> [quote="<a href="what.thedailywtf.com">In fact you can do a lot of things with this. Like links</a>"] This is clearly not a good thing [/quote] @</div></aside></div></div></div> said:<blockquote>HIIIIII</blockquote> What's up?
Further testing attempts found here: http://what.thedailywtf.com/t/ssssssanitization-ffffffailure/47444/9
-
[quote="
sloosecannon"][/quote]
I wonder....
edit: No.
-
Been there, done that, got the t-shirt, no dice
-
Should we just add a "fa-spin" button left of "raw" at this point?
-
The Good Ideas thread is
-
@
The Good Ideas thread is said:
The Good Ideas thread is
Nested quotes!