Mahara

Unescaped 'title' strings used in pieforms elements

Bug #1496683 reported by Jono M
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Medium
Jono M
Mahara 15.10.0
15.10
Fix Released
Undecided
Unassigned

Bug Description

Normally when an element's 'title' attribute is rendered (eg. into a label) it is HTML-escaped. However, there are still a few places where it isn't, so putting HTML in the label's language string can mess up some pages. This should probably be escaped everywhere it's used (to be consistent).

To complicate things, there's an optional 'labelescaped' attribute that can be added to elements which (contrary to the name) means the label *shouldn't* be escaped.

Affects latest master

Jono M (jonom)
Changed in mahara:
status: Confirmed → In Progress
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/5307

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/5307
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/9a28149b663ab68810c6272d55bf525738cb5e7c
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 9a28149b663ab68810c6272d55bf525738cb5e7c
Author: Jono Mingard <email address hidden>
Date: Thu Sep 17 17:26:18 2015 +1200

Ensure pieforms labels are always escaped (Bug #1496683)

Remove the 'labelescaped' attribute entirely since it doesn't look
like that was being used for anything vital.

behatnotneeded

Change-Id: Ibab70cfdf04862ff364d10d0cf8d49ae37e39858

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.