I was about to patch the file note encoding to use json.dumps to handle escaping special characters (combined with replacing "'" with "\'"), when I noticed the main bug (unescaped single quotes) had already been fixed upstream.
I would like to lift the restrictions on what characters can be inserted, but to avoid forking the project, I wanted to make sure any changes I made would be acceptable. Can you elaborate on why so many characters are filtered out? It's kind of unexpected for our users when they include quotes or other characters that are removed.
Not a major deal, just trying to gain some insight since I'm pretty unfamiliar with the codebase.
Actually, even better: replace ' with %27.
This is something I agree needs to be refined. I was going to approach it as a configurable setting in the admin panel, where the admin can define their own regex to strip/replace characters.
This is a response to an identified XSS vulnerability, and a most restrictive policy was applied.
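To make the thread's two encoding suggestions concrete, here is an added example (my own code, not the project's): it contrasts the bare single-quote replacement with json.dumps-based encoding of a JavaScript string literal, and the %27 idea generalised to percent-encoding a URL component, run over constructed sample notes. All function names and the sample notes are hypothetical.

```python
import json
from urllib.parse import quote

# Constructed sample notes (not taken from the project). The last one ends in a
# backslash, which is the case a quote-only replacement gets wrong.
SAMPLE_NOTES = [
    "plain note",
    "it's O'Brien's file",
    '<script>alert("x")</script>',
    "ends with a backslash \\",
]


def naive_js_literal(note: str) -> str:
    """Quote-only escaping, as discussed in the thread: only ' is handled."""
    return "'" + note.replace("'", "\\'") + "'"


def js_literal(note: str) -> str:
    """Contextual encoding for a JS string literal inlined in an HTML <script>.

    json.dumps escapes backslashes, quotes and control characters; the extra
    replacements keep '</script>' and other markup inert inside the script
    block. The result is double-quoted, so no single-quote handling is needed.
    """
    s = json.dumps(note)
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def url_component(note: str) -> str:
    """The %27 suggestion generalised: percent-encode everything that is not
    unreserved, for a value placed in a URL query component."""
    return quote(note, safe="")


def literal_is_well_formed(literal: str) -> bool:
    """True if the JS string literal terminates exactly at its last character."""
    delim = literal[0]
    i = 1
    while i < len(literal):
        if literal[i] == "\\":
            i += 2  # an escape sequence consumes the following character
            continue
        if literal[i] == delim:
            return i == len(literal) - 1
        i += 1
    return False  # ran off the end: the literal is unterminated


def notes_naive_gets_wrong(notes=SAMPLE_NOTES) -> list:
    """Sample notes for which quote-only escaping yields a broken literal."""
    return [n for n in notes if not literal_is_well_formed(naive_js_literal(n))]


def round_trips(note: str) -> bool:
    """The encoded literal decodes back to the original note unchanged."""
    return json.loads(js_literal(note)) == note
```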