HTML in the Replit username user field

The user field for your Replit username is not working correctly. On 99% of peoples profiles that were made in the past few weeks (I think) it displays as <span class="mention">@username</span>. It should only display as @username.

List of effected users

This is a small list of effected users. There are more users affected that are not listed here.

Some users have other HTML tags in the user field like <h1> and the <a> tag

That’s a good spot! Not entirely sure how to resolve this but I’ll add it to my list and investigate when I can!

1 Like

My guess is that it’s how the user field is set up. I can go and look at some stuff on meta and probably be able to figure out how to fix this (for new and updated users) and make it link to their Replit profile.

That would be helpful, thanks @Ethan I’ll take a look at it soon.

@IanAtReplit Can I have the current configuration of the user field? That may help in my reaserch.

Here is the current setup. It doesn’t appear to have the option to remove HTML tags (which is what I think is happening here, users are deliberately trying to add HTML)

(post deleted by author)

You are correct. In all posts, user bio and a few other places all HTML renders. But not in user fields

Not sure what is going on. @IanAtReplit mind if I ask over on meta how to prevent this since any text is accepted?

When I joined, I thought it was a feature where you could customize how your username looks.

Was not an intended feature. You should ONLY be able to put your username. Thought its not a problem now you wont get in trouble since its SFW but it should be going away soon once we figure out how to fix it.


@IanAtReplit did a little more digging and I am not sure what is happening. Mind if I ask over on meta?

That would be fantastic, thanks @ethan!

I’m going to work on the topic now. I am going to link to this topic for more detail. I did try making a reflex pattern but it did not work and I don’t think there is a way to implement it.

@IanAtReplit I finished the draft but have not made it. Tell me when you are ready since you will need to test this stuff since I don’t have admin.

@IanAtReplit Clicked the button: Restrict what can be in a userfield - support - Discourse Meta.

Thanks @Ethan - urgh to custom plugins response! :frowning:

We got no solution other than to check them manually. So no solution now. So we really need SSO implemented or to upgrade our hosting or self-host.

What do you think would be the best course of action from here? Since we cant change every single one.

It’s possible to run a check on the user database export for HTML once it is in a spreadsheet package but… still semi manual effort required here.

And the user base is growing a lot so it’s way too inefficient. And after a single person does a few hundred users it gets way too repetitive. We may be able to use the API to do this