Mobile template not encoding ampersand symbol correctly

[Daniel Maier]

When using ampersand in the event title, the mobile template doesn’t encode it correctly, instead of showing:
&
it shows:
& a m p ;

I notice if I change the template to use:
[[=raw title]]
it works fine as it doesn’t escape any HTML. However, what would be the risks involved by using:
[[=raw title]]
instead of only:
[[=title]]?

I am aware we could have some XSS vulnerabilities using this method. However, I’m not sure if this applies to this case.

Could you please confirm it or provide a solution for the encoding issue?

Thank you!

• This topic was modified 9 years, 12 months ago by Daniel Maier.
• This topic was modified 9 years, 12 months ago by Cliff.

[Cliff]

Hi Daniel. Here’s a video of the Events single page and the Mini Calendar widget displaying an event with an ampersand in the title and everything being displayed correctly: http://cl.ly/1L2R2F1k0r1Y

There might be some new updates available. Could you please make sure all your Modern Tribe plugins (and WordPress core) are at their latest versions?

• Downloads / Version Numbers
• TEC Automatic Updates
• or TEC Manual Updates
• WordPress core updates

Once you verify you’re on the latest versions, please test to see if the issue is still happening for you.

If it is, please follow our Testing for Conflicts Guide and see if that helps narrow down the cause of this.

If it doesn’t, please share your System Information. That will give me a lot of extra information to help diagnose the problem.

Let us know what you find out.

Thanks.

[Support Droid]

This topic has not been active for quite some time and will now be closed.

If you still need assistance please simply open a new topic (linking to this one if necessary)
and one of the team will be only too happy to help.

[Author]

Posts