mahara-contributors team mailing list archive

[Jono Mingard <jonom@xxxxxxxxxxxxxxx>]

Public bug reported:

Normally when an element's 'title' attribute is rendered (eg. into a
label) it is HTML-escaped. However, there are still a few places where
it isn't, so putting HTML in the label's language string can mess up
some pages. This should probably be escaped everywhere it's used (to be
consistent).

To complicate things, there's an optional 'labelescaped' attribute that
can be added to elements which (contrary to the name) means the label
*shouldn't* be escaped.

Affects latest master

** Affects: mahara
     Importance: Medium
     Assignee: Jono Mingard (mingard)
         Status: In Progress

** Changed in: mahara
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1496683

Title:
  Unescaped 'title' strings used in pieforms elements

Status in Mahara:
  In Progress

Bug description:
  Normally when an element's 'title' attribute is rendered (eg. into a
  label) it is HTML-escaped. However, there are still a few places where
  it isn't, so putting HTML in the label's language string can mess up
  some pages. This should probably be escaped everywhere it's used (to
  be consistent).

  To complicate things, there's an optional 'labelescaped' attribute
  that can be added to elements which (contrary to the name) means the
  label *shouldn't* be escaped.

  Affects latest master

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1496683/+subscriptions