Public bug reported:
Normally when an element's 'title' attribute is rendered (eg. into a
label) it is HTML-escaped. However, there are still a few places where
it isn't, so putting HTML in the label's language string can mess up
some pages. This should probably be escaped everywhere it's used (to be
consistent).
To complicate things, there's an optional 'labelescaped' attribute that
can be added to elements which (contrary to the name) means the label
*shouldn't* be escaped.
Affects latest master
** Affects: mahara
Importance: Medium
Assignee: Jono Mingard (mingard)
Status: In Progress
** Changed in: mahara
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1496683
Title:
Unescaped 'title' strings used in pieforms elements
Status in Mahara:
In Progress
Bug description:
Normally when an element's 'title' attribute is rendered (eg. into a
label) it is HTML-escaped. However, there are still a few places where
it isn't, so putting HTML in the label's language string can mess up
some pages. This should probably be escaped everywhere it's used (to
be consistent).
To complicate things, there's an optional 'labelescaped' attribute
that can be added to elements which (contrary to the name) means the
label *shouldn't* be escaped.
Affects latest master
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1496683/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
