Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[issue_tracker] Resolves special characters in titles #8842

Conversation

charlottesce
Copy link
Contributor

Brief summary of changes

Resolves how special characters were appearing encoded in the title in the filterable table and the title of the issue itself e.g. &, ", etc. instead of &, ", etc.

Testing instructions (if applicable)

  1. Go to Tools -> Issue Tracker
  2. Create a new issue and put the special characters &, <, >, " in the title; fill out necessary fields -> click Submit
    a. In the main page, the title of the issue in the table should have the characters above as is, and not "&amp;", etc.
  3. Click to Edit the issue you just created
    a. In the edit form, the title of the issue in the table should again have the characters above, and not "&amp;", etc.

Note

This is a CCNA override - https://github.com/aces/CCNA/pull/4032, https://github.com/aces/CCNA/pull/4084

@regisoc regisoc self-assigned this Aug 10, 2023
@regisoc regisoc self-requested a review August 10, 2023 14:59
Copy link
Contributor

@regisoc regisoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested. LGTM.

Copy link
Collaborator

@ridz1208 ridz1208 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no no no no no no no no no no no

@ridz1208
Copy link
Collaborator

ridz1208 commented Aug 10, 2023

@charlottesce The current solution is only masking the fact that the data is encoded for security but never decoded. The real solution here is that we simply no longer need to encode the data and should instead be saving it with unsafeupdate and unsafeinsert instead.

I can not comment on the specific lines as they are not in the PR but here are the locations

there may be other places I misssed

@charlottesce charlottesce added the State: Needs work PR awaiting additional work by the author to proceed label Aug 10, 2023
@charlottesce charlottesce removed the State: Needs work PR awaiting additional work by the author to proceed label Aug 10, 2023
@charlottesce charlottesce requested a review from ridz1208 August 11, 2023 00:38
Copy link
Collaborator

@ridz1208 ridz1208 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bellissimo !

@driusan please double check the security risk

@driusan
Copy link
Collaborator

driusan commented Aug 15, 2023

do we need an unescaping script to fix existing data?

@driusan driusan merged commit 3baac58 into aces:24.1-release Aug 16, 2023
@ridz1208 ridz1208 added this to the 24.1.5 milestone Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants