denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_news 2012-03-17 07:17 am (UTC)

We have to escape the HTML shown in hover text, because otherwise it could be a vector for malicious asspimplehood (long story short, it's because icons are shown in so many different contexts and spaces). So, yeah, anything that goes into the hover text shouldn't include HTML. We could rewrite things so that the tags are stripped, not escaped -- and we probably will -- but stripping can result in weird glitches sometimes, so you shouldn't rely on it.

There really shouldn't be any HTML in the description field anyway -- the description is intended for screenreader users, to let them get a sense of what the icon contains. For credit, usernames, etc, that should probably go in the Comments field, not the Description -- the next code push will be removing the Comments field from the hover text and alt text, since seeing it "in action", and how people tend to use it, made it clear that people tend to use the Comments field as "icon housekeeping" that doesn't need to be shown on hover, just on the Icons page. So, if you want to use HTML (for credit, username links, etc) you can put that in the Comments field, and after the next push that will no longer display in hover text.

Post a comment in response:

Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.