Skip to content

fix: Encode user content that looks like HTML for display#2245

Merged
nikclayton merged 1 commit into
pachli:mainfrom
nikclayton:htmlencode
Apr 20, 2026
Merged

fix: Encode user content that looks like HTML for display#2245
nikclayton merged 1 commit into
pachli:mainfrom
nikclayton:htmlencode

Conversation

@nikclayton

@nikclayton nikclayton commented Apr 20, 2026

Copy link
Copy Markdown
Contributor

Some user content (e.g., display names, pronouns, filter titles) might contain HTML characters (e.g., ""). If these are passed through fromHtml the content is corrupted, and in some cases disappears.

For example, in the string " boosted" for boosted posts the </Antir> text disappears.

Fix this by calling htmlEncode() on user generated content before it is passed to htmlHtml.

Reported by https://github.com/anauta in #2180

@nikclayton
fix: Encode user content that looks like HTML for display
cc27c66 
Some user content (e.g., display names, pronouns, filter titles) might contain
HTML characters (e.g., "</Antir>"). If these are passed through `fromHtml` the
content is corrupted, and in some cases disappears.

For example, in the string "</Antir> boosted" for boosted posts the `</Antir>`
text disappears.

Fix this by calling `htmlEncode()` on user generated content before it is
passed to `htmlHtml`.

Reported by https://github.com/anauta in pachli#2180
@nikclayton nikclayton merged commit 701e45e into pachli:main Apr 20, 2026
28 checks passed
@nikclayton nikclayton deleted the htmlencode branch April 20, 2026 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nikclayton