#885: escape title attribute on changeset links
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 00:58:27 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
On Trac Wiki links to changeset, the message is placed in the title
attribute of the link, but special HTML characters are not escaped. I
noticed this in the RSS from the timeline, though this occurs in the HTML
as well.
{{{
<item>
<pubDate>Thu, 04 Nov 2004 21:11:00 GMT</pubDate>
<title>Ticket #878 resolved: Fixed in [1017].</title>
<link>http://projects.edgewall.com/trac/ticket/878</link>
<description><p>
Fixed in [.<a title=" * Only enable the resolution <select> if "closed" is
the only/first ..."
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>].
</p>
</description>
<category>Ticket</category>
</item>
}}}
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>
---------------------+------------------------------------------------------
Id: 885 | Status: new
Component: general | Modified: Fri Nov 5 00:58:27 2004
Severity: normal | Milestone: 0.8
Priority: normal | Version: devel
Owner: jonas | Reporter: Matthew Good <matt-good.net>
---------------------+------------------------------------------------------
On Trac Wiki links to changeset, the message is placed in the title
attribute of the link, but special HTML characters are not escaped. I
noticed this in the RSS from the timeline, though this occurs in the HTML
as well.
{{{
<item>
<pubDate>Thu, 04 Nov 2004 21:11:00 GMT</pubDate>
<title>Ticket #878 resolved: Fixed in [1017].</title>
<link>http://projects.edgewall.com/trac/ticket/878</link>
<description><p>
Fixed in [.<a title=" * Only enable the resolution <select> if "closed" is
the only/first ..."
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>].
</p>
</description>
<category>Ticket</category>
</item>
}}}
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/885>
The Trac Project <>