
3.3.0 Reviews Bug

Since the upgrade, punctuation marks are not displaying correctly.

Example:

Code:
don't

displays in the review as:

Code:
don't

Re: [MJB] 3.3.0 Reviews Bug
We changed the review_include.html template to HTML-escape all user input to prevent XSS vulnerabilities. This was intentional.

Adrian

Re: [brewt] 3.3.0 Reviews Bug
So if I go back to <% Review_Contents%> instead of <%escape_html Review_Contents%>, will that display the punctuation correctly?

Re: [MJB] 3.3.0 Reviews Bug
Scrap the last, I had a typo in my updated template. I had <%escape_html Review_Contents%> in twice when the first one should have been <%Review_Contents%>. Now I've changed it, it displays correctly.

Re: [MJB] 3.3.0 Reviews Bug
Just realize that you are opening up your site to XSS vulnerabilities by doing this. Make sure you understand how XSS vulnerabilities work and you validate all reviews.

Adrian

Re: [brewt] 3.3.0 Reviews Bug
All additions, reviews, modifications, etc. are checked and validated manually.
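
The trade-off discussed in this thread, as an added example that is not part of the original posts and is not Gossamer Links code: a small audit that flags template tags printing a user-supplied field without escape_html, plus a stand-in renderer showing what each tag form emits. Assumptions: only the two tag forms quoted in the thread are modelled, Python's html.escape stands in for escape_html, and the Review_Subject field, the sample template and the sample review are constructed for illustration.

```python
import html
import re

# Tag forms seen in the thread: <%Review_Contents%> and <%escape_html Review_Contents%>.
# Assumption: whitespace after "<%" is tolerated, as in the poster's "<% Review_Contents%>".
TAG = re.compile(r"<%\s*(?:(escape_html)\s+)?(\w+)\s*%>")

def audit_template(template, user_fields):
    """List (line, field) for every tag that prints a user-supplied field unescaped."""
    findings = []
    for line_no, line in enumerate(template.splitlines(), start=1):
        for match in TAG.finditer(line):
            escaped, field = match.groups()
            if field in user_fields and escaped is None:
                findings.append((line_no, field))
    return findings

def render(template, values):
    """Stand-in renderer (not GT::Template): html.escape() plays the role of escape_html."""
    def substitute(match):
        escaped, field = match.groups()
        value = values.get(field, "")
        return html.escape(value, quote=True) if escaped else value
    return TAG.sub(substitute, template)

# Constructed sample template and review, not taken from Gossamer Links.
# Review_Subject is a hypothetical field name used only for this example.
SAMPLE_TEMPLATE = """<h3><%escape_html Review_Subject%></h3>
<p><% Review_Contents%></p>
<p><%escape_html Review_Contents%></p>"""
SAMPLE_REVIEW = {
    "Review_Subject": "Don't miss it",
    "Review_Contents": "Great <b>site</b><script>alert(1)</script>",
}
USER_FIELDS = {"Review_Subject", "Review_Contents"}

if __name__ == "__main__":
    for line_no, field in audit_template(SAMPLE_TEMPLATE, USER_FIELDS):
        print(f"line {line_no}: {field} is printed without escape_html")
    print(render(SAMPLE_TEMPLATE, SAMPLE_REVIEW))
```

The escaped tag turns the apostrophe and the markup into entities that the browser displays as text, while the bare tag passes the review's markup through to the page unchanged.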