Opened 9 years ago

Closed 7 years ago

Last modified 7 weeks ago

#7697 closed (fixed)

safe strings in debug page shown as html

Reported by: charmless Owned by: Chris Beaven
Component: Core (Other) Version: master
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

if a local variable is a safe string, then it will display in the debug output as unescaped, rendered HTML.
Expected: Should render as some sort of useful repr() of the string.

Attachments (2)

7697.diff (2.0 KB) - added by Chris Beaven 8 years ago.
7697.2.diff (2.7 KB) - added by Chris Beaven 7 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 Changed 9 years ago by Sung-jin Hong

Triage Stage: UnreviewedAccepted

comment:2 Changed 8 years ago by Chris Beaven

Owner: changed from nobody to Chris Beaven
Status: newassigned

Changed 8 years ago by Chris Beaven

Attachment: 7697.diff added

Changed 7 years ago by Chris Beaven

Attachment: 7697.2.diff added

comment:3 Changed 7 years ago by Chris Beaven

Has patch: set
Triage Stage: AcceptedReady for checkin

comment:4 Changed 7 years ago by Malcolm Tredinnick

Resolution: fixed
Status: assignedclosed

(In [13741]) Display a repr-like result for safe-string local variables on the debug page.

Fixed #7697. Thanks, SmileyChris.

comment:5 Changed 7 weeks ago by Tim Graham <timograham@…>

In 293608a2:

Refs #7697 -- Removed unnecessary force_escape of technical 500 debug view "unicode hint".

The test passes before and after the removal. unicode_hint will never
be SafeText, so normal autoescaping is sufficient.

comment:6 Changed 7 weeks ago by GitHub <noreply@…>

In d70432de:

Refs #7697 -- Tested escaping of safe strings in the technical 500 debug view.

Tests were omitted in the original commit: a56a226241f5808b2eaf1e4b5a155d35047b8a06.

Note: See TracTickets for help on using tickets.
Back to Top