Escape HTML entities "<", ">", '"', "&" to prevent XSS exploits
|Assignee:||Dan Gillean||% Done:|
|Target version:||Release 2.2.0|
|Google Code Legacy ID:||Tested version:||2.2|
#3 Updated by Jesús García Crespo over 5 years ago
- Status changed from In progress to QA/Review
- Assignee changed from Jesús García Crespo to Dan Gillean
- Requires documentation changed from No to Yes
Fixed in https://github.com/artefactual/atom/commit/0fb9a592a32d5c6215ecd606b530ddc7013e2b4b.
Pull request: https://github.com/artefactual/atom/pull/76. See also #7699.
#4 Updated by Dan Gillean over 5 years ago
- Status changed from QA/Review to Verified
This was rigorously tested in a separate site before merging. Having been merged now for over a month, I have not found any regressions that I can tie to this. I did some basic testing of several of the entities to confirm the merge, and the described entities are still being escaped. Going to consider this verified.
#6 Updated by Dan Gillean about 5 years ago
- Requires documentation deleted (