Per the playdoh best practices, |safe should be used very sparingly. Need to audit the places where we use it in Input and remove any possibly unsafe uses.
Belated footnote: http://mozilla.github.com/playdoh/bestpractices/#safe-considered-harmful
I fixed the two instances of |f()|safe that I found with the new |fe() helper. http://github.com/fwenzel/reporter/commit/509f9f3 When work on bug 627449 is done, we should revisit this and remove all instances of |safe from form fields, but that's no longer a security issue. This is [qa-] as it is an internal-code-only thing.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Closed as [qa-]
Status: RESOLVED → VERIFIED
Component: Input → General
Product: Webtools → Input
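The difference between `|f()|safe` and `|fe()` described in the fix comment, as an added example that is not code from Input or playdoh. `Safe`, `autoescape`, `f`, `fe` and `audit` are standard-library stand-ins assumed to mirror the template helpers' behaviour, and the sample strings are constructed.

```python
import re
from html import escape


class Safe(str):
    """Stand-in for a string marked trusted by |safe (Jinja2 uses Markup)."""


def autoescape(value):
    # What an autoescaping template does at output time.
    return value if isinstance(value, Safe) else escape(str(value))


def f(fmt, *args, **kwargs):
    # Stand-in for |f(): plain str.format, arguments are not escaped.
    return fmt.format(*args, **kwargs)


def fe(fmt, *args, **kwargs):
    # Stand-in for |fe(): escape every argument, then format and mark safe.
    args = [escape(str(a)) for a in args]
    kwargs = {k: escape(str(v)) for k, v in kwargs.items()}
    return Safe(fmt.format(*args, **kwargs))


# Constructed sample: the format string is trusted markup, the value is not.
FMT = "Results for <strong>{query}</strong>"
UNTRUSTED = "<script>alert(1)</script>"


def render_f_safe():
    # {{ FMT|f(query=...)|safe }}: the whole result is trusted, value included.
    return autoescape(Safe(f(FMT, query=UNTRUSTED)))


def render_fe():
    # {{ FMT|fe(query=...) }}: markup kept, value escaped.
    return autoescape(fe(FMT, query=UNTRUSTED))


# Audit helper: flag template lines that chain |f(...) into |safe.
F_SAFE = re.compile(r"\|\s*f\(.*?\)\s*\|\s*safe\b")


def audit(template_lines):
    return [n for n, line in enumerate(template_lines, 1) if F_SAFE.search(line)]
```

`audit` only catches the chained `|f(...)|safe` pattern; a bare `|safe` on a variable still needs manual review.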