The Wakaba and Kareha support thread, part 3 (535)

513 Name: Anonymous : 2016-09-01 16:46 ID:4OfA+MxA [Del]

there is a bug where users can create unclosed tags, making every suceeding post bold or italic or whatever.

it happens on "<i/>" in HTML mode because the sanitize_html function in allows tags other than br to be closed implicitly.

Here's what I would propose as a fix, simply block any tag from being implicit except the 'empty' ones (as defined in ALLOWED_HTML,

--- a/kareha/ 2007-01-20 14:54:31.000000000 -0500
+++ b/kareha/ 2016-09-01 09:33:14.768000000 -0400
@@ -144,6 +144,7 @@
} keys %args;

+ $implicit=0;
$implicit="/" if($tags{$name}{empty});

push @stack,$name unless $implicit;
Name: Link:
Leave these fields empty (spam trap):
More options...