& and < not HTML-escaped


Website Feedback


Hi,

I've noticed that the ampersand ("&amp;") and less-than ("&lt;") characters are not properly HTML-escaped when we include them in our posts. I didn't find anything on the site explaining that users are supposed to escape them manually, and people who don't know HTML probably won't realize they're doing anything wrong.

Right: &amp; &lt; (I escaped these manually)
Wrong: & < (the way many people will type them)

I'd include an HTML validator link for this post, but I think all the other HTML errors would obscure the appropriate messages. :-)

Paizo Employee Senior Software Developer

You're right. The next time I roll the site & and < should be properly escaped. People should just type them normally. The messageboards run on our subset of BBCode, not HTML -- HTML tags and entities should not be used.

The rest of the validation errors, well.... Maybe someday.


Gary Teter wrote:
You're right. The next time I roll the site & and < should be properly escaped. People should just type them normally. The messageboards run on our subset of BBCode, not HTML -- HTML tags and entities should not be used.

Hi Gary,

&gt; and &quot; should get that treatment as well, although they're less likely to cause problems when mishandled.

Gary Teter wrote:
The rest of the validation errors, well.... Maybe someday.

:-)
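Added example, not part of the thread and not Paizo's code: a minimal Python sketch of the approach discussed above, where every character the user types is HTML-escaped once on output and only a small BBCode whitelist is turned back into markup. The tag set (`[b]`, `[i]`, `[url=]`) and the function names are assumptions made for illustration.

```python
import html
import re

# Hypothetical BBCode subset for illustration; not the site's actual tag set.
SIMPLE_TAGS = {"b": "strong", "i": "em"}
URL_TAG = re.compile(r"\[url=(.+?)\](.+?)\[/url\]", re.S)


def escape_text(raw: str) -> str:
    """Escape &, <, >, " and ' exactly once (html.escape handles '&' first)."""
    return html.escape(raw, quote=True)


def render_post(raw: str) -> str:
    """Escape the whole post, then re-enable only whitelisted BBCode."""
    out = escape_text(raw)  # no user-typed '<' or '"' survives past this line
    for bb, tag in SIMPLE_TAGS.items():
        out = re.sub(rf"\[{bb}\](.+?)\[/{bb}\]", rf"<{tag}>\1</{tag}>",
                     out, flags=re.S)

    def link(m: re.Match) -> str:
        href, label = m.group(1), m.group(2)
        # href is already escaped, so a typed '"' cannot close the attribute.
        # Anything that is not http(s) stays as literal text.
        if not re.match(r"https?://", href, re.I):
            return m.group(0)
        return f'<a href="{href}" rel="nofollow">{label}</a>'

    return URL_TAG.sub(link, out)


if __name__ == "__main__":
    # Constructed sample posts, typed the way users would type them.
    for post in ["Dungeons & Dragons < 4e",
                 "&amp; typed by hand",
                 "[b]AT&T[/b] says <hi>",
                 '[url=http://example.com/?q="a"]link[/url]']:
        print(render_post(post))
```

Once escaping is done by the renderer, an entity typed by hand is escaped again and shows up literally, which is why posters should type the characters normally.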
