User names associated with ticket attachments are not HTML-escaped
|Reported by:||Christopher Lenz||Owned by:||Jonas Borgström|
As can be seen on ticket #791 (as of this writing), the name of the user that has added an attachment to the ticket is not escaped. In particular, this is a problem with session names including the email address, such as
Tom example <firstname.lastname@example.org>. Here the email address in interpreted as a tag by browsers.