[
https://issues.apache.org/jira/browse/SHINDIG-544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Chabot resolved SHINDIG-544.
----------------------------------
Resolution: Fixed
Assignee: Chris Chabot
Lets try the native strip_tags() for now.
It's known to have a few small issues with embeded video tags and alike, but
since we don't allow those in the title, that should be fine.
Also there is a small potential for attibute abuse (<a href="foo"
onMouseOver="parent.location = 'http://bar.com'> type evil stuff), but regexes
are also known for being less then safe in some situations (and considerably
slower then the native solution).
If we do ever run into trouble, we can look at good alternatives
thanks for the patch ;)
> Making activity.title for restful match the js apis
> ----------------------------------------------------
>
> Key: SHINDIG-544
> URL: https://issues.apache.org/jira/browse/SHINDIG-544
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (PHP)
> Reporter: Chris Chabot
> Assignee: Chris Chabot
> Attachments: Activity.php.patch
>
>
> See
> http://groups.google.com/group/opensocial-and-gadgets-spec/browse_thread/thread/806e929140569d80?hl=en#
> for details
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
