#68: Malformed user name input not blocked by preferences template --------------------------+------------------------------------------------- Reporter: earle | Owner: dom Type: defect | Status: new Priority: normal | Component: openguides Version: svn | Severity: normal Keywords: templates cgi | --------------------------+------------------------------------------------- If you put something like {{{ <a href="http://example.com/">Foo</a> }}} into the preferences page as your username, the edit form gets broken. (See attachment.) The username should be unescaped or some such before being set in the preferences cookie.