Search bug (another one!)

  

So I was searching for "video player" and a bit down the list I see this:

Seems like someone forgot to escape the output...


The "offending" tag that is not really a tag is here:

http://www.outsystems.com/forge/component-details/557/YoutubePlayer/

Hi Carlos,


I really didn't get your point. Can you explain?

Well, it seems that the search list here in the forge isn't correctly escaping the HTML.

The problem happens when the description for a component in the forge contains text that is valid HTML. In the case of the YoutubePlayer component, it has a <code> tag.

That's why after the text "(Notify Message = ERROR" you see the text in red, with a light gray background and the font changes.

This case is harmless, since other than messing up the formatting it doesn't do anything, but suppose the description was <script>alert('hello world!')</script>....
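The behaviour described in the post above, as an added example that is not part of the original thread and is not OutSystems code: a search-result renderer that concatenates the description into markup, the same renderer with output escaping, and a check that flags tags the template did not produce. The function names, the item data and the URL are constructed for illustration.

```javascript
// Added illustration; all names and sample data are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the description is placed into the page as-is, so any markup in it is live.
function renderResultUnescaped(item) {
  return `<li><a href="${item.url}">${item.name}</a><p>${item.description}</p></li>`;
}

// "After": every user-supplied field is escaped at the point of output.
function renderResultEscaped(item) {
  return `<li><a href="${escapeHtml(item.url)}">${escapeHtml(item.name)}</a>` +
         `<p>${escapeHtml(item.description)}</p></li>`;
}

// Regression check: list element names in the output that the template itself never emits.
function unexpectedTags(html, allowed = ['li', 'a', 'p']) {
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag) && !found.includes(tag)) found.push(tag);
  }
  return found;
}

// Constructed sample items: one with a formatting tag, one with the script from the post.
const codeItem = {
  url: '/forge/component-details/0/ExamplePlayer/',
  name: 'ExamplePlayer',
  description: 'Plays a video (Notify Message = ERROR <code>when the id is missing</code>)',
};
const scriptItem = {
  url: '/forge/component-details/0/ExampleOther/',
  name: 'ExampleOther',
  description: "<script>alert('hello world!')</script>",
};

for (const item of [codeItem, scriptItem]) {
  console.log(item.name, 'unescaped:', unexpectedTags(renderResultUnescaped(item)),
              'escaped:', unexpectedTags(renderResultEscaped(item)));
}
```
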


Hi Carlos,

Sorry for the delay, but I really need more context here. What is the search that you are using? Can you send me a recorder?


Thanks

Have a nice weekend!


Ana