Closed Bug 629550 Opened 14 years ago Closed 14 years ago

Audit uses of |safe in templates

Tracking

(Not tracked)

Status:

VERIFIED FIXED

Milestone:

3.1

People

(Reporter: wenzel, Assigned: wenzel)

Details

(Whiteboard: [qa-])

Fred Wenzel [:wenzel]

Assignee

Description

•

14 years ago

Per the playdoh best practices[1], |safe should be used very sparingly. Need to audit the places where we use it in Input and remove any possibly unsafe uses.

Fred Wenzel [:wenzel]

Assignee

Comment 1

•

14 years ago

Belated footnote: [1] http://mozilla.github.com/playdoh/bestpractices/#safe-considered-harmful

Fred Wenzel [:wenzel]

Assignee

Comment 2

•

14 years ago

I fixed the two instances of |f()|safe that I found with the new |fe() helper. http://github.com/fwenzel/reporter/commit/509f9f3 When work on bug 627449 is done, we should revisit this and remove all instances of |safe from form fields, but that's no longer a security issue. This is [qa-] as it is an internal-code-only thing.

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → FIXED

Whiteboard: [qa-]

Rebecca Billings [:rbillings]

Comment 3

•

14 years ago

Closed as [qa-]

Status: RESOLVED → VERIFIED

Nobody; OK to take it and work on it

Updated

•

14 years ago

Component: Input → General

Product: Webtools → Input

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Audit uses of |safe in templates

Categories

(Input :: General, defect, P2)

Tracking

(Not tracked)

People

(Reporter: wenzel, Assigned: wenzel)

References

Details

(Whiteboard: [qa-])

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated