-
Notifications
You must be signed in to change notification settings - Fork 175
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[issue_tracker] Resolves special characters in titles #8842
[issue_tracker] Resolves special characters in titles #8842
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested. LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no no no no no no no no no no no
@charlottesce The current solution is only masking the fact that the data is encoded for security but never decoded. The real solution here is that we simply no longer need to encode the data and should instead be saving it with unsafeupdate and unsafeinsert instead. I can not comment on the specific lines as they are not in the PR but here are the locations
there may be other places I misssed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bellissimo !
@driusan please double check the security risk
do we need an unescaping script to fix existing data? |
Brief summary of changes
Resolves how special characters were appearing encoded in the title in the filterable table and the title of the issue itself e.g.
&, ", etc.
instead of&, ", etc.
Testing instructions (if applicable)
&, <, >, "
in the title; fill out necessary fields -> click Submita. In the main page, the title of the issue in the table should have the characters above as is, and not "
&
", etc.a. In the edit form, the title of the issue in the table should again have the characters above, and not "
&
", etc.Note
This is a CCNA override - https://github.com/aces/CCNA/pull/4032, https://github.com/aces/CCNA/pull/4084