polr
html special characters in passwords are not unescaped
Expected Behavior
Angle bracket ('>') entered in password should be sent to database as an angle bracket
Current Behavior
Angle bracket entered in password is sent to database as html escape sequence ('&gt;')
Possible Solution
Use html_entity_decode() on password (and perhaps on other fields) before writing them to .env (or however that translates into the frameworks being used).
If there's no documentation on how to make this happen, warn the user of this issue.
(I had to update my comment so that it would display properly - if you happened to look at this issue before now, you would have seen the issue reporting an apparently false issue because of how GitHub issues handle html escape sequences).
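The mismatch reported above, together with a check that could back the suggested warning, as an added example that is not part of the original issue and is not Polr code. The function names, the `DB_USERNAME`/`DB_PASSWORD` keys and the sample password are constructed, and the escaping step is assumed to behave like `htmlspecialchars()`.

```php
<?php
// Added illustration, not Polr code. All sample data is constructed.

// Assumption: the setup step HTML-escapes the value before writing it out.
function escape_like_template(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical check: return the keys in .env text whose values contain
// HTML entities, i.e. values that change when the escaping is reversed.
// Only key names are returned so the secret itself is never echoed.
function find_escaped_values(string $envText): array
{
    $suspect = [];
    foreach (preg_split('/\R/', $envText) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || strpos($line, '=') === false) {
            continue; // blank line, comment, or not a KEY=value pair
        }
        [$key, $value] = explode('=', $line, 2);
        $value = trim($value);
        // Strip one pair of matching surrounding quotes, if present.
        if (strlen($value) >= 2 && ($value[0] === '"' || $value[0] === "'")
            && substr($value, -1) === $value[0]) {
            $value = substr($value, 1, -1);
        }
        if (htmlspecialchars_decode($value, ENT_QUOTES) !== $value) {
            $suspect[] = trim($key);
        }
    }
    return $suspect;
}

$typed  = 'p>ss&w0rd';                     // constructed password as typed
$stored = escape_like_template($typed);    // what ends up in the file
$env    = "DB_USERNAME=polr\nDB_PASSWORD=\"$stored\"\n";

// The stored value no longer matches what the user typed ...
var_dump($stored === $typed);
// ... and reversing the same escaping restores it exactly.
var_dump(htmlspecialchars_decode($stored, ENT_QUOTES) === $typed);

foreach (find_escaped_values($env) as $key) {
    echo "warning: $key contains HTML entities; compare it with the real value\n";
}
```

A hit is a prompt to compare the stored value with the real credential, not proof of corruption, since a password can legitimately contain a literal entity-like sequence.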