FIX: Add HTML encoding to body of topic/reply when displaying

Author: johnhenley

Dnn.CommunityForums/Entities/ReplyInfo.cs

@@ -401,11 +401,11 @@ public string GetProperty(string propertyName, string format, System.Globalizati
                         }
 
                     case "summary":
-                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary), format);
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary)), format);
                     case "body":
-                        return PropertyAccess.FormatString(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body, Utilities.EncodeBrackets(format));
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
                     case "bodytitle":
-                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(GetTopicTitle(this.Content.Body)), format);
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(GetTopicTitle(this.Content.Body))), format);
                     case "link":
                         {
                             string sTopicURL = new ControlUtils().BuildUrl(this.Forum.PortalSettings.PortalId, this.GetTabId(), this.Forum.ModuleId, this.Forum.ForumGroup.PrefixURL, this.Forum.PrefixURL, this.Forum.ForumGroupId, this.Forum.ForumID, this.TopicId, this.Topic.TopicUrl, -1, -1, string.Empty, 1, this.ContentId, this.Forum.SocialGroupId);

Dnn.CommunityForums/Entities/TopicInfo.cs

@@ -736,15 +736,15 @@ public string GetProperty(string propertyName, string format, System.Globalizati
 
                     return string.Empty;
                 case "bodytitle":
-                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(GetTopicTitle(this.Content.Body)), format);
+                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(GetTopicTitle(this.Content.Body))), format);
                 case "summary":
                     return PropertyAccess.FormatString(
-                        Utilities.EncodeBrackets(
+                        Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(
                         !string.IsNullOrEmpty(this.Summary)
                         ? length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary
-                        : length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body), format);
+                        : length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
                 case "body":
-                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body), format);
+                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
                 case "lastreplyid":
                     return PropertyAccess.FormatString(this.LastReplyId.ToString(), format);
                 case "replycount":

Dnn.CommunityForums/ReleaseNotes.txt

@@ -70,11 +70,14 @@
             <li>NEW: Adds Recycle Bin to be able to restore (soft-)deleted topics and replies (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/pull/1531">PR# 1531</a>)</li>
             <li>NEW: Adds an avatar injection service to populate avatars (currently using Gravatar) for forums users who haven't set up their own DNN profile picture/avatar. (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/pull/1446">PR# 1446</a>)</li>
 <!-- 
-              <li>NEW: (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/pull/TBD">PR# TBD</a>)</li>
-
+            <li>NEW: (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/pull/TBD">PR# TBD</a>)</li>
             <li>UPDATE:  (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/issues/">Issue </a>)</li>
--->
+--> 
+            <li>UPDATE: Improved handling of XML & HTML in posts (<a href="https://github.com/DNNCommunity/Dnn.CommunityForums/issues/1385">Issue 1385</a>)</li>
+
+<!--
             <li>None at this time.</li>
+-->
         </ul>
 
         <h4>Bug Fixes</h4>