Unescaped 'title' strings used in pieforms elements
Bug #1496683 reported by
Jono M
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
Jono M | ||
15.10 |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Normally when an element's 'title' attribute is rendered (eg. into a label) it is HTML-escaped. However, there are still a few places where it isn't, so putting HTML in the label's language string can mess up some pages. This should probably be escaped everywhere it's used (to be consistent).
To complicate things, there's an optional 'labelescaped' attribute that can be added to elements which (contrary to the name) means the label *shouldn't* be escaped.
Affects latest master
Changed in mahara: | |
status: | Confirmed → In Progress |
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Patch for "master" branch: https:/ /reviews. mahara. org/5307