Menu

#666 Author names can include double quotes

v1.0 (example)
closed-fixed
Ahasuerus
None
5
2026-03-28
2017-05-12
Ahasuerus
No

Normally double quotes are automatically converted to single quotes at submission creation time. However, if a double quote is HTML-encoded, it can get past the filters and be included in the author's name.

2020-11-25 edit: Here is a sample submission with double quotes in Roshni "Rush" Bhatia-- http://www.isfdb.org/cgi-bin/view_submission.cgi?4839681

Discussion

  • Ahasuerus

    Ahasuerus - 2017-05-12
    • Description has changed:

    Diff:

    --- old
+++ new
@@ -1 +1 @@
-Normally double quotes are automatically converted to dingle quotes at submission creation time. However, if a double quote is HTML-encoded, it can get past the filters and be included in the author's name.
+Normally double quotes are automatically converted to single quotes at submission creation time. However, if a double quote is HTML-encoded, it can get past the filters and be included in the author's name.
     

  • Ahasuerus

    Ahasuerus - 2017-06-14
    • summary: Author names can included double quotes --> Author names can include double quotes
     

  • Ahasuerus

    Ahasuerus - 2020-11-25
    • Description has changed:

    Diff:

    --- old
+++ new
@@ -1 +1,3 @@
 Normally double quotes are automatically converted to single quotes at submission creation time. However, if a double quote is HTML-encoded, it can get past the filters and be included in the author's name.
+
+2020-11-25 edit: Here is a sample submission with double quotes in Roshni "Rush" Bhatia-- http://www.isfdb.org/cgi-bin/view_submission.cgi?4839681
     

  • Ahasuerus

    Ahasuerus - 2026-03-28
    • status: open --> closed-fixed
    • assigned_to: Ahasuerus
     

  • Ahasuerus

    Ahasuerus - 2026-03-28

    Fixed in common/library.py, installed in SVN 1293 on 2026-03-28. Closing the Bug report.

     

Anonymous
Anonymous

Add attachments
Cancel





MongoDB Logo MongoDB