First time here? Check out the FAQ!
Ask Your Question
2

Strip out HTML tags from user profiles

Hi - is there any way to strip out all HTML from the user profile fields? If a user updates their profile I would prefer it to strip out all HTML which is currently does not seem to be doing, I can even enter HTML tags on "real name" field, which render on the user profile page post update.

http://i.imgur.com/ldaFTQV.png (Example that renders)

whackhat's avatar
1
whackhat
asked 2013-06-28 07:39:14 -0500
edit flag offensive 0 remove flag close merge delete

Comments

That's a good catch. This would be a nice feature. It can be added as a enable/disable option in conf file. So that if admin wants to disable it he can, and switch back if he changes his mind.

Chankey Pathak's avatar Chankey Pathak (2013-06-30 23:28:29 -0500) edit
more
  • delete

I think of another feature where you can "nofollow" all external links, it will save from spam and link-juice.

Chankey Pathak's avatar Chankey Pathak (2013-06-30 23:29:29 -0500) edit
more
  • delete
add a comment see more comments

1 Answer

0

Added strip tags to the "real name" field, thanks.

On the profile html is sanitized, so no urgent changes are necessary there.

Evgeny's avatar
13.2k
Evgeny
answered 2013-06-30 23:37:22 -0500
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments