Reply by Joe Rose
on June 08, 2015 at 9:32 PM
Travis;
Sure enough! It executed in this post!
Reply by Travis Bell
on June 08, 2015 at 11:29 PM
Hi Joe,
I don't believe there's any sanitization on the video field. I've created a new ticket for this here. It's very much related to ticket #887, so I'll do them both at the same time.
Reply by LordMike
on June 15, 2015 at 5:04 PM
Uh .. just for the record. It is perfectly fine to have HTML or any other form of "code" or "markup" in the database. In fact - it should stay in that format.
It is YOUR job as a consumer to sanitize/encode values when presenting them, because only YOU know which format they should go in. (As an example, for HTML, there are different encodings depending on if you want some text in the body, attributes, JavaScript or CSS).
Mike
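
The point made in the reply above, as an added example that is not part of the original thread: one stored value is kept raw and encoded differently for each output context. The function names and the sample value are constructed for illustration, and the escaping schemes are common-practice choices (entities for HTML, `\uXXXX` for JavaScript strings, hex escapes for CSS), not anything the API itself provides.

```javascript
// Added example: the database value stays raw; the consumer encodes per sink.
// All names and the sample value below are constructed for illustration.

// HTML element content: escape the characters that can start a tag or entity.
function encodeHtmlBody(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Quoted HTML attribute value: encode every non-alphanumeric code point.
function encodeHtmlAttr(s) {
  return Array.from(String(s), (c) =>
    /[A-Za-z0-9]/.test(c) ? c : `&#x${c.codePointAt(0).toString(16)};`).join('');
}

// JavaScript string literal: \uXXXX for every non-alphanumeric UTF-16 unit,
// so quotes, backslashes and "</script>" cannot end the string or the block.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// CSS string or identifier: backslash, hex code point, terminating space.
function encodeCss(s) {
  return Array.from(String(s), (c) =>
    /[A-Za-z0-9]/.test(c) ? c : `\\${c.codePointAt(0).toString(16)} `).join('');
}

// One raw value, four sinks: the encoder is chosen by where the value lands.
function renderAll(raw) {
  return {
    body: `<p>${encodeHtmlBody(raw)}</p>`,
    attr: `<input value="${encodeHtmlAttr(raw)}">`,
    js: `<script>var v = "${encodeJsString(raw)}";</script>`,
    css: `<style>.t::after { content: "${encodeCss(raw)}"; }</style>`,
  };
}

// Constructed sample of markup stored verbatim in a free-text field.
const stored = '"><script>alert(1)</script>';
console.log(renderAll(stored));
```

Applying the body encoder to the attribute, script or style sink would leave characters that are significant in those contexts, which is why the encoding cannot be done once at storage time.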