diff --git a/core/server/models/post.js b/core/server/models/post.js
index d4dd4af09e..394e8fc807 100644
--- a/core/server/models/post.js
+++ b/core/server/models/post.js
@@ -51,7 +51,9 @@ Post = ghostBookshelf.Model.extend({
this.set('html', converter.makeHtml(this.get('markdown')));
- this.set('title', this.sanitize('title').trim());
+ // disabling sanitization until we can implement a better version
+ //this.set('title', this.sanitize('title').trim());
+ this.set('title', this.get('title').trim());
if (this.hasChanged('status') && this.get('status') === 'published') {
if (!this.get('published_at')) {
diff --git a/core/server/models/settings.js b/core/server/models/settings.js
index 92b4b425b4..8c0e89f230 100644
--- a/core/server/models/settings.js
+++ b/core/server/models/settings.js
@@ -78,10 +78,11 @@ Settings = ghostBookshelf.Model.extend({
saving: function () {
- // All blog setting keys that need their values to be escaped.
- if (this.get('type') === 'blog' && _.contains(['title', 'description', 'email'], this.get('key'))) {
- this.set('value', this.sanitize('value'));
- }
+ // disabling sanitization until we can implement a better version
+ // All blog setting keys that need their values to be escaped.
+ // if (this.get('type') === 'blog' && _.contains(['title', 'description', 'email'], this.get('key'))) {
+ // this.set('value', this.sanitize('value'));
+ // }
return ghostBookshelf.Model.prototype.saving.apply(this, arguments);
}
diff --git a/core/server/models/user.js b/core/server/models/user.js
index d1c317c91d..8c45de05d6 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -67,11 +67,13 @@ User = ghostBookshelf.Model.extend({
saving: function () {
- this.set('name', this.sanitize('name'));
- this.set('email', this.sanitize('email').toLocaleLowerCase());
- this.set('location', this.sanitize('location'));
- this.set('website', this.sanitize('website'));
- this.set('bio', this.sanitize('bio'));
+ // disabling sanitization until we can implement a better version
+ // this.set('name', this.sanitize('name'));
+ // this.set('email', this.sanitize('email').toLocaleLowerCase());
+ // this.set('location', this.sanitize('location'));
+ // this.set('website', this.sanitize('website'));
+ // this.set('bio', this.sanitize('bio'));
+ this.set('email', this.get('email').toLocaleLowerCase());
return ghostBookshelf.Model.prototype.saving.apply(this, arguments);
},
diff --git a/core/test/integration/model/model_posts_spec.js b/core/test/integration/model/model_posts_spec.js
index f926cb6ab2..a635224a75 100644
--- a/core/test/integration/model/model_posts_spec.js
+++ b/core/test/integration/model/model_posts_spec.js
@@ -377,12 +377,13 @@ describe('Post Model', function () {
}).then(null, done);
});
- it('should sanitize the title', function (done) {
- new PostModel().fetch().then(function (model) {
- return model.set({'title': ""}).save();
- }).then(function (saved) {
- saved.get('title').should.eql("</title></head><body>[removed]alert('blogtitle');[removed]");
- done();
- }).otherwise(done);
- });
+ // disabling sanitization until we can implement a better version
+ // it('should sanitize the title', function (done) {
+ // new PostModel().fetch().then(function (model) {
+ // return model.set({'title': ""}).save();
+ // }).then(function (saved) {
+ // saved.get('title').should.eql("</title></head><body>[removed]alert('blogtitle');[removed]");
+ // done();
+ // }).otherwise(done);
+ // });
});