This repository was archived by the owner on Sep 8, 2021. It is now read-only.
This repository was archived by the owner on Sep 8, 2021. It is now read-only.
Community & collection HTML aren't properly escaped server side #152
Description
Communities and collections have multiple fields that can contain HTML (introductory text, copyright, etc). These fields are rendered in our prototype using angular's built in innerHTML binding.
For some reason, only on the server side, it uses innerHTML not only as the content, but also adds it as an attribute to the wrapping tag. The attribute doesn't get escaped, and so if the HTML field contains a quote for example, it will break the page's rendering.
On the client-side rendered pages this issue doesn't occur
I don't think we should try to fix this ourselves, but rather wait until it is fixed in angular.