The patches as written didn't seem to fix what Christine identified in #4, but I've written a follow-up that has the underlying stored procedures that generate the display field values (highlighted and not highlighted) do HTML-escaping lower down the stack. Patches, including my signoffs on Jeff's patches, are found in:
The patches as written didn't seem to fix what Christine identified in #4, but I've written a follow-up that has the underlying stored procedures that generate the display field values (highlighted and not highlighted) do HTML-escaping lower down the stack. Patches, including my signoffs on Jeff's patches, are found in:
collab/ gmcharlt/ lp1923225- more-html- escaping- tweaks