Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using special characters (", >, <) #12

Closed
manuel-rubio opened this issue Jul 16, 2020 · 0 comments · Fixed by #16
Closed

When using special characters (", >, <) #12

manuel-rubio opened this issue Jul 16, 2020 · 0 comments · Fixed by #16
Labels
enhancement New feature or request

Comments

@manuel-rubio
Copy link

The encapsulation for HTML is this:

<span class="tag is-rounded" data-value="[email protected]">
    [email protected]
    <div class="delete is-small" data-tag="delete"></div>
</span>

But if we use special characters, for example insert something like: "Email" <[email protected]> ... then:

<span class="tag is-rounded" data-value="" Email"="" <email@email.com="">"&gt;
    "Email" <email@email.com>
    <div class="delete is-small" data-tag="delete"></div>
</email@email.com></span>

It's completely broken! I think it needs a bit of sanitizing for input.
@CreativeBulma CreativeBulma added the enhancement New feature or request label Aug 11, 2020
mieko added a commit to mieko/bulma-tagsinput that referenced this issue Sep 23, 2020
@mieko
Escape HTML in templates.
ade3916 
Closes CreativeBulma#12
mieko added a commit to mieko/bulma-tagsinput that referenced this issue Sep 23, 2020
@mieko
Escape HTML in templates.
5978f92 
Closes CreativeBulma#12
mieko added a commit to mieko/bulma-tagsinput that referenced this issue Sep 23, 2020
@mieko
Escape HTML in templates.
e8043b7 
Closes CreativeBulma#12
mieko added a commit to mieko/bulma-tagsinput that referenced this issue Sep 27, 2020
@mieko
fix(js): Escape HTML in templates
8815b91 
Closes CreativeBulma#12
@mieko mieko mentioned this issue Sep 27, 2020
Merged
mieko added a commit to mieko/bulma-tagsinput that referenced this issue Sep 27, 2020
@mieko
fix(js): Escape HTML in templates
3fb7f65 
Closes CreativeBulma#12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(js): Escape HTML in templates mieko/bulma-tagsinput
2 participants
@manuel-rubio @CreativeBulma