Home  >   Forum Home  >  Technical Support Forums  >  Technical Support  >  Thread
   
 
Can arbitrary html code be inserted into the title field of SAEFs?
 
Adam George
Posted: 03 July 2008 01:58 AM   [ Ignore ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  576
Joined  12-10-2006

According to the following thread, arbitrary html code can be inserted into the title field of SAEFs.

I just wanted to check if this is still a problem in the latest build/version?

http://expressionengine.com/forums/viewthread/30949/
Profile
 
 
Robin Sowell
Posted: 03 July 2008 08:50 AM   [ Ignore ]   [ # 1 ]  
Moderator
Avatar
RankRankRankRankRankRankRank
Total Posts:  22382
Joined  05-20-2002

Just tested sticking a <b> in the title and it was stripped, so looks like it.

And just a note- it was always run through the xss filter.  Just not stripped of html.

That help?

 Signature 

AKA rob1

Help Request TipsPro Network
Profile
 
 
Adam George
Posted: 03 July 2008 11:59 AM   [ Ignore ]   [ # 2 ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  576
Joined  12-10-2006

Thanks Robin
Profile
 
 
Ingmar Greil
Posted: 03 July 2008 03:49 PM   [ Ignore ]   [ # 3 ]  
Moderator
Avatar
RankRankRankRankRankRankRank
Total Posts:  14066
Joined  05-15-2004

Closing this one out. If anything else comes up, you know where we are smile

 Signature 

Everything will be good in the end. If it’s not good, it’s not the end.
Profile
MSG
 
 
   
 
 
‹‹ mysql_real_escape_string() error      Restrict search by site? ››
Post Marker Legend
New Topic New posts Hot Topic Hot Topic with new posts New Poll New Poll Moved Topic Moved Topic Sticky Topic Sticky topic
Old Topic No new posts Hot Old Topic Hot Topic with no new posts Old Poll Old Poll Closed Topic Closed Topic Announcement Announcements
Theme
Change Theme
Visitor Statistics
The most visitors ever was 1149, on July 16, 2007 10:33 AM
Total Registered Members: 62686 Total Logged-in Users: 47
Total Topics: 77253 Total Anonymous Users: 26
Total Replies: 417024 Total Guests: 249
Total Posts: 494277    
Members ( View Memberlist )
Newest Members:  meigallodixitalrafaeldx7cosiooandreamaralBoonDockacarlislevhtan00Halrunmarniedevries@hopewelltennis.comTeKPaNik
Active Members:    Adam KhanAlliamdewstowArun S.ataylor™T.Gee.Bart KustersbillinteropbirdiebobhBoyink!Burly ChassischarleeChristopher L. JorgensenCocoaholicCrucialdrzaeejpErin DalzellhearsayHeidiluvrIngmar GreilisaacmjoemokbhookunLeevi GrahamLisa WessLyle AndersonMarcusNetomatthewianchambersmichellem76mikeejayMortenNNekrawulfNevin LyneSean C. SmithseansciarronesilenzspacewalksusansantarquintheroostervulkenboywebfuxlawdogZac G.
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 2.1.0 (20080828)
Script Executed in 0.3668 seconds
Atom Feed   RSS 2.0