Created attachment 748617: v1 patch
Template toolkit provides a html_line_break filter http://search.cpan.org/~abw/Template-Toolkit-2.14/lib/Template/Filters.pm#html_line_break but Bugzilla does not recognise this as a valid filter. Note: This is different to Bugzilla's html_linebreak filter.
Assignee: testing → sgreen
Severity: normal → trivial
Status: NEW → ASSIGNED
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.4
Comment on attachment 748617: v1 patch
r=glob
Attachment #748617 - Flags: review?(glob) → review+
Comment on attachment 748617: v1 patch
The TT html_line_break filter only replaces newlines by <br>, but doesn't do any filtering at all, and so the content remains unfiltered, i.e. unsafe. Our own html_linebreak filters content, and so is safe. I cannot accept this patch.
Attachment #748617 - Flags: review-
html_line_break is not a HTML filter. What you want to write is: [% foo FILTER html FILTER html_line_break %]
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
Target Milestone: Bugzilla 4.4 → ---
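The filter behaviour discussed in the review comments above, as an added example that is not part of the bug or of Bugzilla's code: a small Test::More script that renders the same value through html_line_break alone, through html followed by html_line_break, and through the reversed order. It assumes the Template and Test::More modules are installed; the sample value and the render helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;
use Test::More;

# Constructed sample: multi-line user-supplied text that contains markup.
my $vars = { foo => "first & second\n<b>markup</b>" };

my $tt = Template->new() or die Template->error();

# Hypothetical helper: render one template string against the sample data.
sub render {
    my ($src) = @_;
    my $out = '';
    $tt->process(\$src, $vars, \$out) or die $tt->error();
    return $out;
}

# Matches the break tag whether it is emitted as <br>, <br/> or <br />.
my $br = qr{<br\s*/?>};

# html_line_break alone: breaks are inserted, everything else passes through raw.
my $unfiltered = render('[% foo FILTER html_line_break %]');
like($unfiltered, $br, 'html_line_break inserts a break tag');
like($unfiltered, qr{<b>markup</b>}, 'markup in the value is not escaped');
like($unfiltered, qr{first & second}, 'ampersand is not escaped');

# Escape first, then insert breaks: the chain given in the final comment.
my $escaped = render('[% foo FILTER html FILTER html_line_break %]');
like($escaped, $br, 'break tag is still real markup');
unlike($escaped, qr{<b>}, 'no raw tag from the value survives');
like($escaped, qr{&lt;b&gt;markup&lt;/b&gt;}, 'tag from the value is entity-encoded');
like($escaped, qr{first &amp; second}, 'ampersand is entity-encoded');

# Reversed order: the html filter also escapes the break tag that was just added.
my $reversed = render('[% foo FILTER html_line_break FILTER html %]');
unlike($reversed, $br, 'break tag was escaped along with the value');
like($reversed, qr{&lt;br}, 'break tag appears as visible text');

done_testing();
```

A check like the second group can be kept as a regression test for any template that displays multi-line user input.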