Closed Bug 738669 Opened 13 years ago Closed 13 years ago

We should probably escape html pulled in via <bugzilla /> wiki tags.

Categories

(Websites :: wiki.mozilla.org, defect)

Product:
Websites
Component:
wiki.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: davidb, Assigned: brandon)

Details

(Whiteboard: [mediawiki-bugzilla])

STR: pull in a bug list that has html in the summary text. Current example: https://wiki.mozilla.org/Accessibility/Contribute/GFB
Whiteboard: [mediawiki-bugzilla]
Fixed in https://github.com/LegNeato/mediawiki-bugzilla/commit/9258963726ca51a285ae6c1089430f452248466e Not sure how we want to roll it out (I guess I can't do a pull request to mozilla/mediawiki-bugzilla because my repo is the source?), assigning to Lawrence. Also, why can't I mark this as secure? We could have issues if someone writes a bug and then includes a query into the wiki (anyone can do both). /cc mwcoates
Assignee: nobody → lmandel
Status: NEW → ASSIGNED
Reassigning to Brandon.
Assignee: lmandel → bsavage
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.