You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configuring an instance's name as (for example) "Hello & World", the & shows up as & wherever the organization name is used, because it is escaped when it is being set and again when it is being displayed.
Comments
As far as I can tell, the organization name is the only user provided input that is escaped before it is set - oversight or intentional?
The text was updated successfully, but these errors were encountered:
If the entry is escaped, we'd need to mark every use of it in the
templates as `| safe` which is more dubious than not escaping the
database entry in the first place.
Fixes#6357
If the entry is escaped, we'd need to mark every use of it in the
templates as `| safe` which is more dubious than not escaping the
database entry in the first place.
Fixes#6357
If the entry is escaped, we'd need to mark every use of it in the
templates as `| safe` which is more dubious than not escaping the
database entry in the first place.
Fixes#6357
Description
When configuring an instance's name as (for example) "Hello & World", the
&
shows up as&
wherever the organization name is used, because it is escaped when it is being set and again when it is being displayed.Comments
As far as I can tell, the organization name is the only user provided input that is escaped before it is set - oversight or intentional?
The text was updated successfully, but these errors were encountered: