Code: Select all
PARAMALTREADMORE=Enter the text that you want to appear alongside the dynamic <em>Read more:</em> link instead of the default setting of using the Article Title.
So, what I'm asking really is whether the bug is that there are html tags in some language strings in the first place, or that it is plugged into attribute values without being escaped?
Note that I have also found some places where the code directly generates unescaped html and plugs it into attribute values, like the Publish Information tooltip (ContentView->showContent, administrator/components/com_content/admin.content.html.php).