• Resolved gate4free

    (@gate4free)


    Hello team,
    Since version 2.1 HTML codes in secondary title are ignored ??
    Before it was possible e.g. to show the YouTube symbol with title and time with the following code <i class fa fa-youtube-play” title=”YouTube Video”></i> 25:54.
    Now it only shows the time without symbol and title. This is a massive disadvantage. Could you bring this cool functionality back, please…?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author thaikolja

    (@thaikolja)

    Hi,

    Unfortunately, allowing HTML in these fields poses a security risk through cross-site scripting (XSS), which was discovered a few months back (check the forum; there’s an extensive thread about this issue and feedback from users) and made the entire plugin unavailable to download. My options were to limit HTML usage or ditch the entire plugin so nobody could download it anymore.

    I had to comply with limiting HTML, which is why your code doesn’t render as expected. But I do agree: there should be a better compromise.

    In case you don’t know, adding HTML directly into the “Edit post” page in the meta box is still possible. Maybe that’s enough until I’ve balanced out security vs. usability.

    If you give me a more detailed explanation of how you use(d) to add HTML (where, what fields, what HTML), I could include it in the test for the next version and try to have these pass.

    Thread Starter gate4free

    (@gate4free)

    Thanks for your fast reply. O.K. a security issue. That’s a pity.

    I really used the HTML to show Font Awesome symbols (<i class="fa fa-envelope-open"></i> (for open discussion) or fa fa-youtube-play (for a YouTube video)). Those Font Awesome symbols have been very informative for the user… if you like you can check some pages of my site “airvox.ch” – it would really be great to be able to use Font Awesome symbols in the subtitle with the “i” tag… thank you very much for further investigating.

    Plugin Author thaikolja

    (@thaikolja)

    It’d be easy to allow certain tags, i.e. <i> for Font Awesome icons. Forum rules don’t allow me to give you the code snippet to do just that, unfortunately.

    However, I have to draw a line somewhere. The <script> tag is not the only one that can be abused. But at this point, I’m considering opening the <i> tag unless I find a more reliable solution that doesn’t make my plugin end up on a blacklist again.

    BTW: AfD sucks. It had to be said once :p
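An added example, not part of this thread and not the plugin's code: the allowlist compromise discussed above (permit only the `<i>` tag for Font Awesome icons), written in Python so it runs stand-alone. The names `IconOnlySanitizer`, `sanitize_secondary_title` and the class-token pattern `FA_TOKEN` are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Assumed policy (not the plugin's): only <i>, Font Awesome class tokens, plain title.
FA_TOKEN = re.compile(r"^fa(-[a-z0-9]+)*$")


class IconOnlySanitizer(HTMLParser):
    """Rebuilds output from parser events, so no input markup is copied verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_i = 0  # <i> tags emitted but not yet closed

    def handle_starttag(self, tag, attrs):
        if tag != "i":
            return  # any other tag is dropped; its text still reaches handle_data
        kept = {}
        for name, value in attrs:
            if name == "class" and "class" not in kept:
                tokens = [t for t in (value or "").split() if FA_TOKEN.match(t)]
                if tokens:
                    kept["class"] = " ".join(tokens)
            elif name == "title" and "title" not in kept:
                kept["title"] = html.escape(value or "", quote=True)
            # style, on* event handlers and every other attribute are discarded
        attr_text = "".join(' %s="%s"' % kv for kv in kept.items())
        self.out.append("<i%s>" % attr_text)
        self.open_i += 1

    def handle_endtag(self, tag):
        if tag == "i" and self.open_i:
            self.out.append("</i>")
            self.open_i -= 1

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))  # text is always escaped


def sanitize_secondary_title(raw):
    parser = IconOnlySanitizer()
    parser.feed(raw)
    parser.close()  # flush buffered trailing text
    return "".join(parser.out) + "</i>" * parser.open_i  # balance unclosed <i>


if __name__ == "__main__":
    # Constructed sample: an allowed icon carrying an attribute that must not survive.
    print(sanitize_secondary_title('<i class="fa fa-youtube-play" onclick="x()"></i> 25:54'))
```

Allowing the tag alone is not enough: the attributes on `<i>` are filtered too, which is why event handlers and `style` never reach the output.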

    Thread Starter gate4free

    (@gate4free)

    If it is possible to open up only the <i> tag to use font awesome symbols then this would be the perfect solution. I don’t suppose that this would really be a security issue.

    So please open and I am happy again (although I’m not happy with most of the German politics – not only AfD…). Thankfully I live in Switzerland not in Germany…

    Plugin Author thaikolja

    (@thaikolja)

    I tend to agree, but the mods of this forum seem to have an eye on what I say here, so I must tread carefully :/ But I heard the plugin author is very responsive to questions and feedback via email, too.

    Hi there,

    I have the very same problem that gate4free mentioned above. Could you please advise?

    • This reply was modified 10 months, 3 weeks ago by weberforweb.
    Thread Starter gate4free

    (@gate4free)

    Hi, unfortunately the possibility to use a Font Awesome icon with the <i> tag (e.g. <i class="fa fa-envelope-open"></i>) is still not working anymore for the secondary title. In the main title the use of this tag works without any problems. So it can’t be a security question and I really don’t understand why this simple tag can’t be used in the secondary title. It’s really a pity…
    Please make this work again. Thank you very much!

  • The topic ‘HTML in Secondary Title not supported anymore?’ is closed to new replies.