macfreek

Single Quotes In Forms

Recommended Posts

First of all, thanks for creating this website. I've just came across it yesterday.

 

A minor bug is that some forms don't seem to properly display or sanitise user-generated input. In particular, if you name a custome set "My daughter's Lego", save it, and click on the link, the name in the properties form will be displayed as "My daughter". I suspect because the quote if not properly htmlified (and rendered as <input name='descr' class='long' maxlength='100' value='My daughter's Lego'> instead of <input name='descr' class='long' maxlength='100' value='My daughter"s Lego'>).

 

I suspect something similar goes astray when there is a quote character in a password, but haven't time to examine this much further.

Share this post


Link to post
Share on other sites