Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Trac: Tickets

[The Trac Project] #885: escape title attribute on changeset links

  

 
Trac tickets RSS feed   Index | Next | Previous | View Threaded


noreply at edgewall

Nov 5, 2004, 12:58 AM

Post #1 of 3 (743 views)
Permalink
[The Trac Project] #885: escape title attribute on changeset links
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 00:58:27 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
On Trac Wiki links to changeset, the message is placed in the title
attribute of the link, but special HTML characters are not escaped. I
noticed this in the RSS from the timeline, though this occurs in the HTML
as well.

{{{
<item>

<pubDate>Thu, 04 Nov 2004 21:11:00 GMT</pubDate>
<title>Ticket #878 resolved: Fixed in [1017].</title>

<link>http://projects.edgewall.com/trac/ticket/878</link>
<description><p>
Fixed in [.<a title=" * Only enable the resolution <select> if "closed" is
the only/first ..."
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>].

</p>
</description>
<category>Ticket</category>
</item>
}}}

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>


noreply at edgewall

Nov 5, 2004, 1:04 AM

Post #2 of 3 (688 views)
Permalink
Re: [The Trac Project] #885: escape title attribute on changeset links [In reply to]
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 01:04:37 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
Comment (by Matthew Good <matt-good.net>):

Ok, let's try something different as Trac decided to screw that up and not
escape the {{{&}}} on the HTML entities.

Here's some HTML from the timeline:
{{{
[.<a title=" * Only enable the resolution <select> if "closed is the
only/first ...
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>]
}}}

Note that the < > and " characters in the title text aren't escaped.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>


noreply at edgewall

Nov 5, 2004, 11:36 AM

Post #3 of 3 (687 views)
Permalink
Re: [The Trac Project] #885: escape title attribute on changeset links [In reply to]
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: closed
Component: general | Modified: Fri Nov 5 11:35:59 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
Changes (by anonymous):

* resolution: => fixed
* status: new => closed

Comment:

Fixed in [1020]

--
Ticket URL: <http://projects2.edgewall.com/trac/ticket/885>
The Trac Project <>

Trac tickets RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.