Defect #807
HTML not escaped in ticket descriptions
| Status: | Closed | Start date: | 2008-03-07 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | UI | | |
| Target version: | - | | |
| Resolution: | Fixed | Affected version: | |
Description
HTML Tags are not escaped in ticket comments.
Related issues
Associated revisions
History
#1
Updated by Rocco Stanzione about 14 years ago
I think this is a have-your-cake-and-eat-it-too scenario. Issue descriptions are textilized so they can be formatted, and part of that is accepting HTML as-is. You should probably put any HTML in the descriptions (that you don't want interpreted by browsers) into a
tag.
#2
Updated by Jean-Philippe Lang about 14 years ago
Actually, HTML is escaped here on redmine.org (eg. <h1>Redmine</h1>) except pre tags used for preformatted text.
I'll commit this change.
#3
Updated by Jean-Philippe Lang about 14 years ago
- Status changed from New to Closed
- Resolution set to Fixed
Fixed in r1216 (only pre tags are not escaped).
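The policy stated in the fix above (escape all HTML, let only pre tags through) can be sketched as follows. This is an added example, not part of the thread and not the code from r1216; the function name `escape_html_except_pre` is hypothetical, and it assumes that only bare `<pre>`/`</pre>` tags pass and that text inside them is escaped as well.

```ruby
require 'erb'

# Only the bare tags <pre> and </pre> are recognised. A <pre> carrying
# attributes does not match and is escaped like any other markup.
PRE_TAG = %r{(</?pre>)}i

# Escape user-supplied text for HTML output, keeping balanced <pre> wrappers.
def escape_html_except_pre(text)
  in_pre = false
  # split with a capture group keeps the matched tags as separate parts
  parts = text.split(PRE_TAG).map do |part|
    if part.casecmp?('<pre>') && !in_pre
      in_pre = true
      '<pre>'
    elsif part.casecmp?('</pre>') && in_pre
      in_pre = false
      '</pre>'
    else
      # Everything else, including text inside <pre> and stray or nested
      # pre tags, is rendered as literal text.
      ERB::Util.html_escape(part)
    end
  end
  # Close an unterminated block so it cannot swallow the rest of the page.
  parts << '</pre>' if in_pre
  parts.join
end

# Constructed sample input, not taken from the ticket.
SAMPLE = 'Hi <h1>Redmine</h1> <pre><script>x()</script></pre>'

puts escape_html_except_pre(SAMPLE) if __FILE__ == $PROGRAM_NAME
```
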
#4
Updated by Go MAEDA almost 7 years ago
- Related to Feature #20497: Markdown formatting supporting HTML added
#5
Updated by Go MAEDA over 2 years ago
- Related to Feature #23717: Allow HTML View in description diff added