Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[issue_tracker] Resolves special characters in titles #8842

Merged
merged 2 commits into from
Aug 16, 2023
Merged

[issue_tracker] Resolves special characters in titles #8842

merged 2 commits into from
Aug 16, 2023

Conversation

charlottesce
Copy link
Contributor

Brief summary of changes

Resolves how special characters were appearing encoded in the title in the filterable table and the title of the issue itself e.g. &, ", etc. instead of &, ", etc.

Testing instructions (if applicable)

  1. Go to Tools -> Issue Tracker
  2. Create a new issue and put the special characters &, <, >, " in the title; fill out necessary fields -> click Submit
    a. In the main page, the title of the issue in the table should have the characters above as is, and not "&amp;", etc.
  3. Click to Edit the issue you just created
    a. In the edit form, the title of the issue in the table should again have the characters above, and not "&amp;", etc.

Note

This is a CCNA override - https://github.com/aces/CCNA/pull/4032, https://github.com/aces/CCNA/pull/4084

@charlottesce charlottesce added the Priority: Projects PR or issue is a priority for at least one project and should be a higher priority for LORIS label Jul 19, 2023
@regisoc regisoc self-assigned this Aug 10, 2023
@regisoc regisoc self-requested a review August 10, 2023 14:59
regisoc
regisoc approved these changes Aug 10, 2023
View reviewed changes
Copy link
Contributor

@regisoc regisoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested. LGTM.

ridz1208
ridz1208 requested changes Aug 10, 2023
View reviewed changes
Copy link
Collaborator

@ridz1208 ridz1208 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no no no no no no no no no no no

@ridz1208
Copy link
Collaborator

ridz1208 commented Aug 10, 2023
edited

@charlottesce The current solution is only masking the fact that the data is encoded for security but never decoded. The real solution here is that we simply no longer need to encode the data and should instead be saving it with unsafeupdate and unsafeinsert instead.

I can not comment on the specific lines as they are not in the PR but here are the locations

there may be other places I misssed

@charlottesce charlottesce added the Needs Work PR awaiting additional changes by the author or contains issues that the author needs to fix label Aug 10, 2023
@charlottesce charlottesce removed the Needs Work PR awaiting additional changes by the author or contains issues that the author needs to fix label Aug 10, 2023
ridz1208
ridz1208 approved these changes Aug 11, 2023
View reviewed changes
Copy link
Collaborator

@ridz1208 ridz1208 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bellissimo !

@driusan please double check the security risk

@driusan
Copy link
Collaborator

driusan commented Aug 15, 2023

do we need an unescaping script to fix existing data?

@driusan driusan merged commit 3baac58 into aces:24.1-release Aug 16, 2023
9 checks passed
@ridz1208 ridz1208 added this to the 24.1.5 milestone Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ridz1208 ridz1208 ridz1208 approved these changes

@regisoc regisoc regisoc approved these changes

Assignees

@regisoc regisoc

Labels
Priority: Projects PR or issue is a priority for at least one project and should be a higher priority for LORIS
Projects
None yet
Milestone
24.1.5
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@charlottesce @ridz1208 @driusan @regisoc