Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Juxt Bans are HTML escaped, even tho they don't have to be #83

Open
1 task done
ErdbeerbaerLP opened this issue Jul 22, 2024 · 1 comment
Open
1 task done

[Bug]: Juxt Bans are HTML escaped, even tho they don't have to be #83

ErdbeerbaerLP opened this issue Jul 22, 2024 · 1 comment
Labels
approved The topic is approved by a developer bug Something isn't working

Comments

@ErdbeerbaerLP
Copy link
Contributor

Checked Existing

  • I have checked the repository for duplicate issues.

What happened?

When banning an user in juxt, the reason gets HTML escaped.
Yet it does get displayed as plaintext everywhere.

Used reason here is Asked so nicely to get B& ;)

Screenshots (cc: @piplupness_ on discord):
image
image

What did you expect to happen?

The reason should display as Asked so nicely to get B& ;) instead of Asked so nicely to get B& ;)

Steps to reproduce?

  • Ban a user with special charaters as reason, like an AND.
  • Let that user login
  • &

Other relevant information. (OPTIONAL)

No response
@ErdbeerbaerLP ErdbeerbaerLP added awaiting-approval Topic has not been approved or denied bug Something isn't working labels Jul 22, 2024
@Milk-Cool
Copy link

i mean, it is unlikely but a mod can steal an account by injecting a script if it doesn't get sanitized

@jonbarrow jonbarrow added approved The topic is approved by a developer and removed awaiting-approval Topic has not been approved or denied labels Sep 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
approved The topic is approved by a developer bug Something isn't working
Projects
Pretendo Tasks and Goals
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jonbarrow @ErdbeerbaerLP @Milk-Cool