[OpenStreetMap] #4117: Text between "<" and ">" not shown in private messages on website
OpenStreetMap
trac at openstreetmap.org
Thu Dec 1 19:07:02 GMT 2011
#4117: Text between "<" and ">" not shown in private messages on website
------------------------------+---------------------------------------------
Reporter: Kurt Krampmeier | Owner: rails-dev@…
Type: defect | Status: reopened
Priority: major | Milestone:
Component: website | Version:
Resolution: | Keywords:
------------------------------+---------------------------------------------
Changes (by Kurt Krampmeier):
* status: closed => reopened
* resolution: wontfix =>
Comment:
Wow, allowing HTML is so wrong. While you seem to have done a quite good
job in filtering dangerous parts, really fixing this behavior still should
be reconsidered, since the messages are also sent as plain text mails and
you can also answer these messages through email. Nobody would use HTML
markup in plaintext mails.

I also would not have figured out that you can use some (undocumented?)
HTML subset in the web interface. I guess the majority of the users (who
could write HTML) do not either. I expected this problem to be caused by
incorrectly stripping HTML content instead of encoding dangerous
characters.

While it might break some single older messages and blog posts, HTML
support still should be removed. I think it causes much, much more harm
than good. Breaking of old messages could even be completely avoided by
keeping the current behaviour for old messages and using a sane behaviour
for future messages.

Is there really no chance to get this fixed?
--
Ticket URL: <https://trac.openstreetmap.org/ticket/4117#comment:2>
OpenStreetMap <http://www.openstreetmap.org/>
OpenStreetMap is a free editable map of the whole world
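
The contrast the comment draws between stripping markup and encoding it, together with its proposal to keep the old behaviour only for old messages, can be sketched as follows. This is an added example, not part of the original message and not the OpenStreetMap website's code; the tag allowlist, the `:format` field and the sample bodies are assumptions made for illustration.

```ruby
require "erb"

# Hypothetical allowlist; the page does not say which HTML subset is accepted.
ALLOWED_TAGS = %w[b i em strong p br].freeze

# Legacy-style rendering: anything shaped like a tag is dropped unless it is a
# bare allowlisted tag. Simplified stand-in that reproduces the symptom in the
# ticket title; it is not a production HTML sanitizer.
def render_legacy_html(body)
  body.gsub(/<[^<>]*>/) do |tag|
    name = tag[%r{\A</?\s*([A-Za-z][A-Za-z0-9]*)\s*/?>\z}, 1]
    name && ALLOWED_TAGS.include?(name.downcase) ? tag : ""
  end
end

# Plain-text rendering: encode the markup characters instead of removing
# them, so the web page shows what the sender typed, as the e-mail copy does.
def render_plain_text(body)
  ERB::Util.html_escape(body)
end

# Dispatch on a per-message format flag (hypothetical field): messages stored
# before a switch-over keep "html", every new message is stored as "text".
def render_message(message)
  case message.fetch(:format)
  when "html" then render_legacy_html(message.fetch(:body))
  when "text" then render_plain_text(message.fetch(:body))
  else raise ArgumentError, "unknown body format: #{message[:format].inspect}"
  end
end

# Constructed sample messages.
SAMPLE_BODY = "Tag it highway=<type> and mail <mapper@example.org> & me"
OLD_MESSAGE = { format: "html", body: "An <b>old</b> note" }.freeze
NEW_MESSAGE = { format: "text", body: SAMPLE_BODY }.freeze

if __FILE__ == $PROGRAM_NAME
  puts render_legacy_html(SAMPLE_BODY) # text between "<" and ">" is lost
  puts render_message(NEW_MESSAGE)     # text is kept, encoded for HTML output
  puts render_message(OLD_MESSAGE)     # old markup still renders as before
end
```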