Opened 10 years ago
Closed 9 years ago
#25018 closed Cleanup/optimization (fixed)
Make simple_tag apply conditional_escape() to its output
Reported by: | Tim Graham | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
This is a security hardening to help prevent XSS (and incorrect HTML) for the common use case of simple_tag.
Note:
See TracTickets
for help on using tickets.
PR has a test failure.