InlineMultiCheckboxWidget renders unescaped items
Bug #741639 reported by
William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Ian Booth |
Bug Description
InlineMultiChec
<ul tal:condition=
<li tal:condition=
<li tal:condition=
</ul>
While it's reasonable to expect fmt:link to be safe without escaping, it's not a sensible default to not escape items when linkify_items is false.
No current callsites are affected, but it's going to trip somebody over eventually.
Related branches
lp:~wallyworld/launchpad/multicheckboxwidget-unescaped-items
- Robert Collins (community): Approve
- William Grant (community): Approve (code*)
-
Diff: 12 lines (+1/-1)1 file modifiedlib/lp/app/templates/inline-multicheckbox-widget.pt (+1/-1)
Changed in launchpad: | |
assignee: | nobody → Ian Booth (wallyworld) |
tags: |
added: qa-untestable removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
visibility: | private → public |
To post a comment you must log in.
Fixed in stable r12793 <http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 12793>.