Escape text #379

Closed
Krinkle opened this Issue · 0 comments

@Krinkle
Collaborator

There's a whole bunch of places where we build html strings by hand and don't escape test names or module names.

@Krinkle Krinkle was assigned
@Krinkle Krinkle closed this issue from a commit
@Krinkle Krinkle Escape text. Fixes #379.
* Rename escapeInnerText to escapeText and include single quotes
  and double quotes.
* Consistent use of `bool="bool"` instead of `bool`.
* Add regression tests for unescaped names in module, test and
  assertion.
* Escape everything that does not explicitly support HTML
  (even urlConfig.id for example).
  In DOM methods text is default and HTML needs parsing. But when
  writing HTML it is the opposite: text needs escaping and html
  is default. So for security we need to reverse that and ensure
  we're escaping stuff by default.
* Rename Test..name to Test..nameHtml (because it is).
476fb66
@Krinkle Krinkle closed this in 476fb66
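
The escape-by-default rule from the commit message above, as an added example that is not QUnit's own code: `escapeText` here is a hypothetical implementation, and `renderTestItemUnsafe`, `renderTestItem`, the markup and the sample names are constructed for illustration. The same test name is written into element content and into a quoted attribute, which is where escaping the quote characters matters.

```javascript
// Added example: hypothetical helper, not QUnit's actual implementation.
const ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#039;"
};

// Escape text for use in element content or inside a quoted attribute value.
// A single pass over the input means "&" is never escaped twice.
function escapeText(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// "Before": module and test names concatenated into the HTML string as-is,
// so any markup or quote in a name is parsed as HTML.
function renderTestItemUnsafe(moduleName, testName) {
  return '<li title="' + testName + '">' +
    '<span class="module-name">' + moduleName + '</span>: ' +
    '<span class="test-name">' + testName + '</span></li>';
}

// "After": everything that is text is escaped at the point where the
// HTML string is built; only the literal template parts are markup.
function renderTestItem(moduleName, testName) {
  return '<li title="' + escapeText(testName) + '">' +
    '<span class="module-name">' + escapeText(moduleName) + '</span>: ' +
    '<span class="test-name">' + escapeText(testName) + '</span></li>';
}

// Constructed names of the kind a regression test would use.
const moduleName = "<b>core</b> & friends";
const testName = 'it\'s "quoted" <i>name</i>';

console.log(renderTestItemUnsafe(moduleName, testName)); // names alter the markup
console.log(renderTestItem(moduleName, testName));       // names rendered as text
```
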
@PandaNoir PandaNoir referenced this issue
Closed

html entities #386

@JamesMGreene JamesMGreene referenced this issue from a commit
@Krinkle Krinkle Escape text. Fixes #379.
3b9457b