Duplicate Phrase mark_forums_read and HTML in phrase text

Mouth

Well-known member
If you place HTML into the phrase text for phrase mark_forums_read, eg.
HTML:
<i class="fa fa-check-circle"></i> Mark Forums Read
and then within a forum click the 'Mark Forums Read' link to get the modal pop-up, the button title/text on this pop-up is 'borked' because it contains HTML ...
Screen Shot 2013-11-21 at 11.15.44 pm.webp
 
This is roughly the same as this: http://xenforo.com/community/threads/tooltips-should-be-made-html-safe.57074/

However, the cruxt of the issue is that phrases are not guaranteed to be ok to contain HTML. It's very context dependent. Even if the first example didn't break out, HTML wouldn't work. The rule of thumb I would follow: unless a phrase contains HTML, assume it shouldn't contain HTML. This would actually be quite a few phrases then. Phrases that are literally a phrase or a few words should almost definitely not contain HTML.
 
A reasonable rule of thumb, except that in most instances the phrases are used many times, and for the majority of appearances HTML works fine. It will only be a single appearance, such as the usage for button title as above, where the HTML doesn't work. If XF is allowing HTML for phrases, then I believe it should use HTML stripping if it's going to use that phrase where HTML cannot be used.
 
Top Bottom