Public bug reported: Normally when an element's 'title' attribute is rendered (eg. into a label) it is HTML-escaped. However, there are still a few places where it isn't, so putting HTML in the label's language string can mess up some pages. This should probably be escaped everywhere it's used (to be consistent).
To complicate things, there's an optional 'labelescaped' attribute that can be added to elements which (contrary to the name) means the label *shouldn't* be escaped. Affects latest master ** Affects: mahara Importance: Medium Assignee: Jono Mingard (mingard) Status: In Progress ** Changed in: mahara Status: Confirmed => In Progress -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1496683 Title: Unescaped 'title' strings used in pieforms elements Status in Mahara: In Progress Bug description: Normally when an element's 'title' attribute is rendered (eg. into a label) it is HTML-escaped. However, there are still a few places where it isn't, so putting HTML in the label's language string can mess up some pages. This should probably be escaped everywhere it's used (to be consistent). To complicate things, there's an optional 'labelescaped' attribute that can be added to elements which (contrary to the name) means the label *shouldn't* be escaped. Affects latest master To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1496683/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp