Thread: Quotes within HTML tags not escaped
View Single Post
  #1 (permalink)  
Old 11-05-2006, 12:56 AM
vanyel vanyel is offline
New Pligger
 		 
Join Date: Apr 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Quotes within HTML tags not escaped
Hi all,

I believe the bug I'm having with Pligg 8.2 is that quotes within allowed HTML tags are not being escaped. This causes a problem when attempting to submit a story with quotes within <embed><object><param> tags like so:

Quote:
<a title="submit 'testing dance thing' to del.icio.us" href="http://del.icio.us/post" onclick="window.open('http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=http%3A%2 F%2Fwww.youtube.com%2Fwatch%3Fv%3Dt8RQqd9saDk&amp; title=testing+dance+thing', 'del.icio.us','toolbar=no,width=700,height=400'); return false;"><img src="http://www.betterdance.com/templates/mollio-beat/images/delicious.png" border="0" alt="submit 'testing dance thing' to del.icio.us" /></a>
&nbsp;&nbsp; <a title="submit 'testing dance thing' to digg" href="http://digg.com/submit?phase=2&amp;url=http%3A%2F%2Fwww.youtube.co m%2Fwatch%3Fv%3Dt8RQqd9saDk&amp;title=testing dance thing&amp;bodytext=<object width="425"

Posting is fine when I just have quotes in the body of a story, with no HTML tags.


What's the best fix for this?
__________________
http://www.playables.com
Reply With Quote