Edgewall Software
Modify

Opened 20 years ago

Closed 20 years ago

#885 closed defect (fixed)

escape title attribute on changeset links

Reported by: Matthew Good <matt-good.net> Owned by: Jonas Borgström
Priority: normal Milestone: 0.8
Component: general Version: devel
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

On Trac Wiki links to changeset, the message is placed in the title attribute of the link, but special HTML characters are not escaped. I noticed this in the RSS from the timeline, though this occurs in the HTML as well. 

<item>
        
        <pubDate>Thu, 04 Nov 2004 21:11:00 GMT</pubDate>
        <title>Ticket #878 resolved: Fixed in [1017].</title>

        <link>http://projects.edgewall.com/trac/ticket/878</link>
        <description><p>
Fixed in [<a title=" * Only enable the resolution <select> if "closed" is the only/first ..." href="http://projects.edgewall.com/trac/changeset/1017">1017</a>].

</p>
</description>
        <category>Ticket</category>
      </item>

Attachments (0)

Change History (2)

comment:1 by Matthew Good <matt-good.net>, 20 years ago

Ok, let's try something different as Trac decided to screw that up and not escape the & on the HTML entities.

Here's some HTML from the timeline: 

[<a title=" * Only enable the resolution <select> if "closed is the only/first ...
href="http://projects.edgewall.com/trac/changeset/1017">1017</a>]

Note that the < > and " characters in the title text aren't escaped.

comment:2 by anonymous, 20 years ago

Resolution: fixed
Status: newclosed

Fixed in [1020]

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.