2012-12-14 - [GRASE-Hotspot] #92: Form input fields need escaping for display

Header Data

From: GRASE Trac <tr***c@grasehotspot.org>
Message Hash: b33e713df1e6f53fcc17e568d3f83516d46ec0c32b8ad4cf98bb3ce444f2214e
Message ID: <039.10de8327fd5265d28e266858dec31e4d@grasehotspot.org>
Reply To: N/A
UTC Datetime: 2012-12-14 16:40:38 UTC
Raw Date: Fri, 14 Dec 2012 23:40:38 -0000

Raw message

#92: Form input fields need escaping for display
-----------------------------+-----------------
 Reporter:  tim              |      Owner:  tim
     Type:  defect           |     Status:  new
 Priority:  major            |  Milestone:  3.8
Component:  Admin Interface  |    Version:  3.7
 Keywords:                   |
-----------------------------+-----------------
 We currently escape data correctly as it goes into the database. However, any
 form input fields that can contain a ' or " are at risk of incorrect
 escaping for display.

 We need to make sure all smarty variables are run through |escape before
 displaying, and need to check if we have used single or double quotes for
 the attributes.

-- 
Ticket URL: <http://trac.grasehotspot.org/ticket/92>
GRASE Hotspot <http://grasehotspot.org/>
GRASE Hotspot bug tracker
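
The audit the ticket asks for can be scripted. The following is an added example, not part of the ticket or of GRASE Hotspot's code: it scans template text for Smarty variables placed in HTML attribute values, records the quote style, and reports any that lack |escape or sit in an unquoted attribute (where whitespace in the value ends the attribute even after escaping). The template lines and variable names are constructed sample input, and the regex only handles a variable that follows plain literal text in the attribute.

```python
import re
from typing import NamedTuple

# attr = (" or ' or no quote), optional literal text, then {$smarty_variable}
ATTR_TAG = re.compile(
    r"""([\w-]+)\s*=\s*(?:(")[^"{}]*|(')[^'{}]*|[^\s"'<>{}]*)(\{\$[^}]*\})"""
)
# Matches {$x|escape} and {$x|escape:'html'}
ESCAPED = re.compile(r"\|\s*escape\b")


class Finding(NamedTuple):
    line: int
    attr: str
    quote: str      # "double", "single" or "none"
    tag: str
    problem: str


def audit_template(source):
    """Return a Finding for each attribute whose Smarty variable needs attention."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in ATTR_TAG.finditer(line):
            attr, dq, sq, tag = m.groups()
            quote = "double" if dq else "single" if sq else "none"
            if not ESCAPED.search(tag):
                problem = "no |escape"
            elif quote == "none":
                problem = "unquoted attribute"
            else:
                continue  # escaped and quoted: nothing to report
            findings.append(Finding(lineno, attr, quote, tag, problem))
    return findings


# Constructed sample template, not taken from the GRASE Hotspot source.
SAMPLE_TPL = """\
<input type="text" name="username" value="{$user.Username}">
<input type='text' name='comment' value='{$user.Comment}'>
<input type="text" name="group" value="{$user.Group|escape}">
<input type=text name=email value={$user.Email|escape}>
"""

if __name__ == "__main__":
    for f in audit_template(SAMPLE_TPL):
        print(f"line {f.line}: {f.attr}={f.tag} ({f.quote} quotes): {f.problem}")
```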



