From 1b4d06c8d2b96ff0eec7b63509dfbdcb3febe73a Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 1 Feb 2020 20:01:25 +0000 Subject: [PATCH] explanation --- core/event.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/event.php b/core/event.php index 0d0f2caf..d9986c01 100644 --- a/core/event.php +++ b/core/event.php @@ -273,6 +273,9 @@ class TextFormattingEvent extends Event public function __construct(string $text) { parent::__construct(); + // We need to escape before formatting, instead of at display time, + // because formatters will add their own HTML tags into the mix and + // we don't want to escape those. $h_text = html_escape(trim($text)); $this->original = $h_text; $this->formatted = $h_text;