HTML Tags and Source link not working anymore

Thanks for the heads up! I will get this fixed within the next few days and let you know.

Thank you.

Previous versions before 1.0.0 have security issues and should not be used. That I could enter <br> also meant I could enter an XSS attack and have it accepted by the database. HTML tags are now filtered (sanitize_textarea_field) to “lessen the possibility of XSS vulnerabilities and MITM attacks…” The Henry Beston quote with <br><br> can now be displayed using two (Enter) or (Shift+Enter) in the quote field.

Fields are run through the Make_Clickable function which allows entering just urls, email addresses etc with no HTML tags. The Cleveland Amory quote should now display a proper link… I was esc_html instead of wp_kses_post on it. If it still shows the tags, perhaps try editing the quote and remove them there since it may have stored them directly into the string. The Same thing for the Terry Pratchet quote displaying the slash.

The bold … I’m going to have to give that some thought how to get that and other styling to work. It would be cool be able to <i> etc. too.

I’ve updated to version 1.1.0 and will keep the styling in mind. Let me know how it’s working with the rest. Thanks!

• This reply was modified 2 years, 5 months ago by oooorgle.

Thank you very much!.

Working great so far (updated page so you can see). Good luck with figuring out the HTML styling b.t.w.

A few other things i noticed:

1. If the Source is empty, the quotes-llama-icon-arrow still shows after the Author on the same line. Not showing it, if there is no source would be nice.

2. If the Source is a link, a normal link works but a link like this:

<a href="https://en.wikipedia.org/wiki/Cleveland_Amory" target="_blank" rel="noopener">- Cleveland Amory</a>.

Gets removed now. If was that way before. Is that still possible now?. It looks a lot better if you do not see the whole link especially in the widget for example.

Thanks again for all the updates.

• This reply was modified 2 years, 5 months ago by Gendji.
• This reply was modified 2 years, 5 months ago by Gendji.

= Version 1.1.1 = Update notes.
* **Fix** Since last update, the source arrow icon is displaying in the author field when there is no source. (identified by: gendji)
* **Fix** Debug warning ‘characters in header’ when importing quotes. Moved echo into return.
* **Add** Expand the use of make_clickable to filter URL protocols from displaying in text links. (suggested by: gendji)
* **Add** Options setting to omit/display URL protocols in text links.

Let me know how it works ??

Thank you for the update.

Source arrow is fixed now, thank you.

The URL protocol change removes https:// part of the link but using <a href=” still removes the complete link. Tested it with Display HTTP on and off.

I was wondering if i should close this topic as resolved and start a new one on the <a href=” “problem”. The original “issues” in the starting topic are resolved but because i found other ones it stays open now.

Or doesn’t that matter? Somehow looks weird to me that it’s still open although it is actually resolved ??

The href linking is in the same boat as the bold formatting. If I can figure an acceptable way to do without compromising security (which I think I have a good idea how) then that will be something available with the formatting options. Let’s do close this thread and create another specific to the formatting options. If you don’t mind perhaps provide a list of the html tags you want to use in the new thread: Thanks!
(tag –> attribute)
‘a’ –> ‘href, rel, class.
‘strong’
‘br’

I will do that and thank you.