-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nextcloud does wrongly encode the Slogan #552
Comments
Slogan is already escaped in https://github.com/nextcloud/server/blob/cce4c285dbfd6957f50112b234b3545ebcceac54/apps/theming/lib/ThemingDefaults.php#L142 Fixes nextcloud/server#7460 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fix is in #51
I don't get this. What is the actual problem here? Could you rephrase it? |
@MorrisJobke thanks for the instant feedback. What I was trying to explain is: If you enter |
cc @nextcloud/theming |
See comment by @blizzz and thus it needs more work. Not convinced.
Requires more changes however, but I feel more comfortable when it is sanitized where the output takes place. |
I cannot find the discussion, but I remember the argument for having this sanitized in the ThemingDefaults was, that we cannot ensure that apps always sanitize the output when they use values from the Defaults. From my POV that still would be fine, since the theming values can be changed by admins only. |
This is still an issue on my instance running on NextCloud 15.0.4: See https://help.nextcloud.com/t/theming-slogan-encoding-issue/47915 for additional reference. |
Maybe a fix like nextcloud/server#27912 would be possible here too? |
the issue still persists as of 24-11-2023 in Nextcloud 27.1.3: everywhere slogan is shown, it renders special characters incorrectly |
We are able to define a slogan in the theming section of Nextcloud. Unfortunately this is displayed wrong to new users due to encoding errors.
Also, you can already see it's a bit broken when you set the slogan to 'foo & bar', and then just reload the settings page. It does not display & and instead displays & as the slogan.
The text was updated successfully, but these errors were encountered: