HTML Tags are not allowed

Started by FredT, May 12, 2022, 08:27:29 AM

Previous topic - Next topic

FredT

I do have newest smf Board installed. v2.1.2

As language I do have English and German

I go to my User Profile
I go to Profile Details
As Location I use some German cities such as:
München, Würzburg

and the ü/ Ü I think throws errors, because when I use ue it works:

Error, no matter I have German or English language active:
-----------------------------------
The following errors occurred when trying to save your profile:

HTML tags are not allowed.
--------------------------------------

I also have "Enable basic html in posts" enabled. But need that in Profile and not Board. But I am not sure this change something.


FredT

Any news on this bug? I just checked and I do have the same problem in v2.1.1

Kira_

Try to play around with these settings for a specific field.
.../index.php?action=admin;area=featuresettings;sa=profile and choose the problem field.

You cannot view this attachment.
а нас
за що?

Arantor

Holder of controversial views, all of which my own.

FredT

#4
I followed Kira´s advice to check on the Input Mask. I think this could be the problem with the regular expressions.

But I am not sure chaning any of the settings will help.
We do have: No HTML, valid email, numeric, RegEx

I think Posix Brackets needs the diacritics.

Latin letters would be [a-zA-Z]
German has some more such as [a-zA-ZäöüÄÖÜß]

ß could be ignored because of the new spelling form in German we could use ss for the "sharp S".
But important are the ä,ö,ü / Ä,Ö,Ü

Not sure where to put [a-zA-ZäöüÄÖÜß or
pattern='^.*(?=.{8,})(?=.*[a-zA-ZäöüÄÖÜß])(?=.*\d).*$'
or is it
pattern='^.*(?=.{8,})(?=.*[a-zA-Z\\u0080-\\uFFFF])(?=.*\d).*$'


Arantor

This is a bug in the HTML setting, nothing more.

In the interim, that looks like a complicated regex, what exactly does this field need to hold?
Holder of controversial views, all of which my own.

FredT

Hi Arantor,

the field not working properly is the "location" field in the profile.
It can not hold City names such as München, Würzburg, or Nürnberg.

Like state it only has to hold alphabetic letters a-zA-ZäöüÄÖÜß

Arantor

What about spaces or other punctuation?
Holder of controversial views, all of which my own.

FredT

German city/location names could also have spaces, or other punctations such as:

Bad Wörishofen
Bad Tölz
Aicha vorm Wald

Ahlefeld-Bistensee
Altdorf (Kreis Esslingen)
Lahr/Schwarzwald


Kindred

Why even bother with the input mask?

Seriously,  it sounds like you're trying to force a technical solution into a section which probably doesn't actually needs it
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

No, he's really not. He's trying to work around a bug in SMF where using the 'no HTML' filter doesn't let anything with accents in because it sees the & in the entity encoding and assumes it's invalid owing to a change made late in 2.1's development.

I was trying to figure out a better regex that would cover the situation in the meantime.
Holder of controversial views, all of which my own.

Kindred

OH, I know that there is a bug in the system there...

My point was that, in this specific case, is it even actually needed
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

What input sanitisation would you suggest instead with the custom fields setup out of the box when the one that *should* be used doesn't work properly?

Remember: the point of the exercise is to allow members to safely add the name of a location or city in Germany which means accented letters being properly supported is a requirement.
Holder of controversial views, all of which my own.

Kindred

what if there was no mask at all is my point...   the entry won't fail if the user uses an accented character in an "open" field -- does it?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

The choices in the dropdown are "No HTML", "Email", "Numeric" and "Regex (Advanced)". There is no option for what you're suggesting, and the correct option doesn't work.

So we're trying to work out a suitable option that DOES work in the meantime.

But even if 'no mask' were an option, do you *really* want to put in a field that has the risk to hijack someone's account?
Holder of controversial views, all of which my own.

Kindred

Ok, fair... I was wrong.

Carry on
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Diego Andrés

I believe this was fixed (again) in #8211

SMF Tricks - Free & Premium Responsive Themes for SMF.

Advertisement: