Audit uses of |safe in templates

VERIFIED FIXED in 3.1

Status

Input
General
P2
normal
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: wenzel, Assigned: wenzel)

Tracking

Details

(Whiteboard: [qa-])

(Assignee)

Description

7 years ago
Per the playdoh best practices[1], |safe should be used very sparingly. Need to audit the places where we use it in Input and remove any possibly unsafe uses.
(Assignee)

Comment 2

7 years ago
I fixed the two instances of |f()|safe that I found with the new |fe() helper.

http://github.com/fwenzel/reporter/commit/509f9f3

When work on bug 627449 is done, we should revisit this and remove all instances of |safe from form fields, but that's no longer a security issue.

This is [qa-] as it is an internal-code-only thing.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Closed as [qa-]
Status: RESOLVED → VERIFIED
Component: Input → General
Product: Webtools → Input
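
An added example, not part of the bug or of the Input code base: a small audit pass of the kind this bug describes, which lists every `|safe` in a template and singles out the `|f()|safe` chain that Comment 2 replaced with `|fe()`. The `f` and `fe` functions are stand-ins written on the assumption that `f` formats a string with its arguments and `fe` HTML-escapes each argument before formatting; the sample template is constructed.

```python
import html
import re

# Stand-ins for the template helpers named in the bug (assumed behaviour):
# f() only formats; fe() HTML-escapes every argument before formatting.
def f(s, *args, **kwargs):
    return s.format(*args, **kwargs)

def fe(s, *args, **kwargs):
    args = [html.escape(str(a), quote=True) for a in args]
    kwargs = {k: html.escape(str(v), quote=True) for k, v in kwargs.items()}
    return s.format(*args, **kwargs)

# Any "|safe" filter, and separately the "|f(...)|safe" chain.
# The [^)]* part does not handle nested parentheses in the f() arguments.
SAFE_RE = re.compile(r"\|\s*safe\b")
F_SAFE_RE = re.compile(r"\|\s*f\s*\([^)]*\)\s*\|\s*safe\b")

def audit(template_text):
    """Return (line_no, kind, line) for each template line that uses |safe."""
    findings = []
    for no, line in enumerate(template_text.splitlines(), 1):
        if F_SAFE_RE.search(line):
            # Unescaped arguments are interpolated, then marked safe.
            findings.append((no, "f()|safe", line.strip()))
        elif SAFE_RE.search(line):
            # Needs manual review, e.g. rendered form fields.
            findings.append((no, "safe", line.strip()))
    return findings

# Constructed sample template, not taken from the Input code base.
SAMPLE = """\
<h1>{{ _('Results for <b>{0}</b>')|f(query)|safe }}</h1>
<p>{{ _('Results for <b>{0}</b>')|fe(query) }}</p>
{{ form.q|safe }}
<p>{{ comment.text }}</p>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    value = "<script>x</script>"  # constructed markup-bearing input
    print(f("Results for <b>{0}</b>", value))   # markup passes through
    print(fe("Results for <b>{0}</b>", value))  # markup is escaped
```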