Posts: 2,833
Threads: 141
Joined: Jan 2012
Reputation:
86
Still a bug if its not escaped on the registration page.
Support PMs will be ignored!
Posts: 2,833
Threads: 141
Joined: Jan 2012
Reputation:
86
Mostly security related: escape as much as possible and only allow HTML where really necessary. There are quite some fields where it can be helpfull but we also get a lot of reports as soon as something isn't escaped. That's why we usually discuss whether users would benefit from unescaped data and in that specific case it was decided to properly escape it. Also sometimes (like here) those descissions happened when a feature was included but later when that feature is extended the one coding it writes it the other way. And then it's simply "what is done in more places".
Support PMs will be ignored!