when I put something like: special site <a href="http://www.google.com">google</a> as a description, and display editkeywords.cgi I see the raw HTML. But when I look at describekeywords.cgi I see a link.
Hrm. What's our intention here? To never HTML-filter it, or to always HTML-filter it? If we don't filter it, that means that we trust anybody with "editkeywords" to not do any scripting there.
Severity: minor → normal
Summary: editkeywords.cgi does not HTMLify descriptions → editkeywords.cgi and describekeywords.cgi treat description differently as regards HTML
Whiteboard: [Good Intro Bug]
Depends on: 206037
Whiteboard: [Good Intro Bug] → [blocker will fix]
Target Milestone: Bugzilla 3.0 → Bugzilla 2.18
I have fixed this bug as part of bug 206037. Reassigning to me.
Assignee: general → LpSolit
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.