HTML entities are not encoded

    • Type: Incident report
    • Resolution: Won't fix
    • Priority: Major
    • 2.1.0
    • Affects Version/s: 1.9.8 (beta), 2.1.0
    • Component/s: Frontend (F)

      "&" is not escaped on output, which leads to many problems. For example:

      • go to the graph creation form, enter the graph name as "graph &gt;", click the preview button; after the refresh the graph name is converted to "graph >".
      • the previous point leads to two graphs/apps/items... with identical names. Create one with "&gt;" in the name, another with ">". In the frontend these will look identical.
      • in the item list subfilter, if an item has an application whose name contains ">", the subfilter for that app can be enabled but then cannot be disabled.

      Solution: apply the sheath function CHtml::encode() to every field that is displayed inside a non-input element.

            Assignee:
            Unassigned
            Reporter:
            Alexey Fukalov
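
The name collision described in the report, reproduced as an added example (not Zabbix frontend code and not written by the reporter). PHP's htmlspecialchars() stands in for the CHtml::encode() wrapper the report names; the helper names and the sample graph names are assumptions constructed for illustration.

```php
<?php
// Added illustration; not Zabbix frontend code. htmlspecialchars() stands in
// for the CHtml::encode() wrapper named in the report.

// Encode a stored value for output inside a non-input HTML element.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Approximate the text a browser displays for markup text content:
// character references are decoded exactly once.
function displayedText(string $markup): string
{
    return html_entity_decode($markup, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Group stored names by the text a user would see and return the groups
// with two or more members, i.e. distinct records that look identical.
function findLookalikes(array $names, callable $render): array
{
    $groups = [];
    foreach ($names as $name) {
        $groups[displayedText($render($name))][] = $name;
    }
    return array_filter($groups, fn(array $g): bool => count($g) > 1);
}

// Constructed sample data: two distinct graph names, as in the report.
$stored = ['graph &gt;', 'graph >', 'CPU load'];

// Render once without encoding (the reported behaviour) and once with it.
$raw     = findLookalikes($stored, fn(string $n): string => $n);
$encoded = findLookalikes($stored, 'encodeForHtml');

foreach ($stored as $name) {
    printf("stored=%-12s raw shows=%-10s encoded markup=%s\n",
        $name, displayedText($name), encodeForHtml($name));
}
printf("lookalike groups without encoding: %d\n", count($raw));
printf("lookalike groups with encoding:    %d\n", count($encoded));
```

Without encoding, the stored "&" is read by the browser as the start of a character reference, so the two names share one displayed text; with encoding, each stored name keeps its own displayed form.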
