EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #03113


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Sanitising output


Hello!

We have a couple of records which have html tags included in the abstract and Additional Information fields. The problem we have with this is that EPrints does not seem to be sanitising the output here so these are being rendered as tags in the source code. At the moment the tags are <meta> which is only causing issues when we try and parse the page, however we cannot assume that someone isn’t going to use a tag that could potentially mess up the layout like <div> or even something as simple as <strong>.

My question; should the outputs be sanitised and, if so, what’s the likely issue here? If not, is there a plugin or recommended method to do this?

Andrew

The University of Lincoln, located in the heart of the city of Lincoln, has established an international reputation based on high student satisfaction, excellent graduate employment and world-class research.

The information in this e-mail and any attachments may be confidential. If you have received this email in error please notify the sender immediately and remove it from your system. Do not disclose the contents to another person or take copies.

Email is not secure and may contain viruses. The University of Lincoln makes every effort to ensure email is sent without viruses, but cannot guarantee this and recommends recipients take appropriate precautions.

The University may monitor email traffic data and content in accordance with its policies and English law. Further information can be found at: http://www.lincoln.ac.uk/legal.