Escape text #379

Closed
Krinkle opened this Issue · 0 comments

Timo Tijhof
Collaborator

There's a whole bunch of places where we build html strings by hand and don't escape test names or module names.

Timo Tijhof Krinkle was assigned
Timo Tijhof Krinkle closed this issue from a commit
Timo Tijhof Krinkle Escape text. Fixes #379.
* Rename escapeInnerText to escapeText and include single quotes
  and double quotes.
* Consistent use of `bool="bool"` instead of `bool`.
* Add regression tests for unescaped names in module, test and
  assertion.
* Escape everything that does not explicitly support HTML
  (even urlConfig.id for example).
  In DOM methods text is default and HTML needs parsing. But when
  writing HTML it is the opposite: text needs escaping and html
  is default. So for security we need to reverse that and ensure
  we're escaping stuff by default.
* Rename Test..name to Test..nameHtml (because it is).
476fb66
Timo Tijhof Krinkle closed this in 476fb66
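
Why the commit adds single and double quotes to the escaped set, as an added example that is not QUnit's own code: only the name `escapeText` comes from the commit message; the function bodies, `escapeContentOnly`, `renderTestItem`, `titleSeenByParser` and the sample test name are assumptions constructed for illustration.

```javascript
// Added illustration, not QUnit's implementation.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };

// Escapes everything that can end a text node or a quoted attribute value.
function escapeText(value) {
  // Coerce first so numbers, null and undefined still pass through escaping.
  return String(value == null ? "" : value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical content-only escaper: enough between tags, not inside attributes.
function escapeContentOnly(value) {
  return String(value == null ? "" : value).replace(/[&<>]/g, (ch) => ENTITIES[ch]);
}

// Hand-built HTML string that uses the name both as an attribute value and as
// element content, the pattern the issue describes.
function renderTestItem(name, escape) {
  const safe = escape(name);
  return '<li title="' + safe + '"><span class="test-name">' + safe + "</span></li>";
}

// Single-pass decode of the five entities above (no double decoding).
function decodeEntities(s) {
  return s.replace(/&(amp|lt|gt|quot|#039);/g, (m) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === m));
}

// Approximates what an HTML parser takes as the title value: everything up
// to the first unescaped double quote.
function titleSeenByParser(html) {
  const m = /title="([^"]*)"/.exec(html);
  return m ? decodeEntities(m[1]) : null;
}

// Constructed sample test name containing every character that needs escaping.
const sampleName = 'say "hi" & <b>bold</b>';

const weak = renderTestItem(sampleName, escapeContentOnly);
const strong = renderTestItem(sampleName, escapeText);

console.log(titleSeenByParser(weak));   // attribute ends at the first quote in the name
console.log(titleSeenByParser(strong)); // full name survives the round trip
```
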
PandaNoir PandaNoir referenced this issue
Closed

html entities #386

James M. Greene JamesMGreene referenced this issue from a commit
Timo Tijhof Krinkle Escape text. Fixes #379.
3b9457b