Opened 10 years ago

Closed 9 years ago

#25018 closed Cleanup/optimization (fixed)

Make simple_tag apply conditional_escape() to its output

Reported by: Tim Graham
Owned by: nobody
Component: Template system
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: yes
Easy pickings: no
UI/UX: no

Description

This is a security hardening to help prevent XSS (and incorrect HTML) for the common use case of simple_tag.

Change History (2)

comment:1 by Tim Graham, 10 years ago

PR has a test failure.

comment:2 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: new → closed

In aef2a0e:

Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.

This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
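
Added illustration, not part of the ticket or of Django's source: a standard-library model of what this change means for tag authors. `SafeText`, `render_simple_tag`, `greeting`, `badge` and the sample payload are hypothetical names and constructed input; the local `conditional_escape` only mimics the contract of Django's helper (escape unless the value is marked safe via `__html__`).

```python
import html


class SafeText(str):
    """Stand-in for a string marked as already-safe HTML."""

    def __html__(self):
        return self


def conditional_escape(value):
    """Escape value unless it carries the __html__ safe marker."""
    if hasattr(value, "__html__"):
        return value.__html__()
    return SafeText(html.escape(str(value)))


def render_simple_tag(func, *args, hardened=True):
    """Model of rendering a simple_tag: the function's return value becomes
    template output, passed through conditional_escape() when hardened."""
    output = func(*args)
    return conditional_escape(output) if hardened else str(output)


# Hypothetical tags a project might define.
def greeting(name):
    # Returns caller-supplied text as a plain str, with no escaping of its own.
    return "Hello, " + name


def badge(label):
    # Deliberately emits markup: escapes its argument, then marks the result safe.
    return SafeText("<b>%s</b>" % conditional_escape(label))


PAYLOAD = "<script>alert(1)</script>"  # constructed sample input

if __name__ == "__main__":
    print("before:", render_simple_tag(greeting, PAYLOAD, hardened=False))
    print("after: ", render_simple_tag(greeting, PAYLOAD))
    print("safe:  ", render_simple_tag(badge, PAYLOAD))
```

A tag that builds HTML with plain string formatting and does not mark the result safe will have its markup escaped under the hardened behaviour, so such tags need to mark their output safe explicitly after escaping their inputs.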
