Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Trac>
  3. Tickets
[The Trac Project] #885: escape title attribute on changeset links
noreply at edgewall
Nov 5, 2004, 12:58 AM
Post #1 of 3 (1691 views)
Permalink
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 00:58:27 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
On Trac Wiki links to changeset, the message is placed in the title
attribute of the link, but special HTML characters are not escaped. I
noticed this in the RSS from the timeline, though this occurs in the HTML
as well.

{{{
<item>

<pubDate>Thu, 04 Nov 2004 21:11:00 GMT</pubDate>
<title>Ticket #878 resolved: Fixed in [1017].</title>

<link>http://projects.edgewall.com/trac/ticket/878</link>
<description><p>
Fixed in [.<a title=" * Only enable the resolution <select> if "closed" is
the only/first ..."
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>].

</p>
</description>
<category>Ticket</category>
</item>
}}}

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>
Re: [The Trac Project] #885: escape title attribute on changeset links [ In reply to ]
noreply at edgewall
Nov 5, 2004, 1:04 AM
Post #2 of 3 (1607 views)
Permalink
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 01:04:37 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
Comment (by Matthew Good <matt-good.net>):

Ok, let's try something different as Trac decided to screw that up and not
escape the {{{&}}} on the HTML entities.

Here's some HTML from the timeline:
{{{
[.<a title=" * Only enable the resolution <select> if "closed is the
only/first ...
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>]
}}}

Note that the < > and " characters in the title text aren't escaped.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>
Re: [The Trac Project] #885: escape title attribute on changeset links [ In reply to ]
noreply at edgewall
Nov 5, 2004, 11:36 AM
Post #3 of 3 (1606 views)
Permalink
#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: closed
Component: general | Modified: Fri Nov 5 11:35:59 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
Changes (by anonymous):

* resolution: => fixed
* status: new => closed

Comment:

Fixed in [1020]

--
Ticket URL: <http://projects2.edgewall.com/trac/ticket/885>
The Trac Project <>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal