FI-508: Prevent html rendering in responses #442

Jammjammjamm · 2020-03-20T15:10:18Z

The CGI.escapeHTML method doesn't work if the html is escaped unicode. This branch unescapes all escaped unicode in responses so that html is not rendered when displaying responses.

Before:

After:

Submitter:

This pull request describes why these changes were made
Internal ticket links to this PR
Internal ticket is properly labeled (Community/Program)
Internal ticket has a justification for its Community/Program label
Code diff has been reviewed for extraneous/missing code
n/a Tests are included and test edge cases
Tests/code quality metrics have been run locally and pass

Reviewer 1:

Name:

Code is maintainable and reusable, reuses existing code and infrastructure
where appropriate, and accomplishes the task's purpose
The tests appropriately test the new code, including edge cases
You have tried to break the code

Reviewer 2:

Name:

Code is maintainable and reusable, reuses existing code and infrastructure
where appropriate, and accomplishes the task's purpose
The tests appropriately test the new code, including edge cases
You have tried to break the code

unescape unicode in responses

e598c7a

Jammjammjamm self-assigned this Mar 20, 2020

arscan approved these changes Apr 3, 2020

View reviewed changes

arscan merged commit a22579c into development Apr 3, 2020

Jammjammjamm deleted the fi-508-prevent-html-in-responses branch April 3, 2020 17:06

radamson mentioned this pull request Aug 9, 2020

Version 2.10.0 #481

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FI-508: Prevent html rendering in responses #442

FI-508: Prevent html rendering in responses #442

Jammjammjamm commented Mar 20, 2020 •

edited by arscan

FI-508: Prevent html rendering in responses #442

FI-508: Prevent html rendering in responses #442

Conversation

Jammjammjamm commented Mar 20, 2020 • edited by arscan

Jammjammjamm commented Mar 20, 2020 •

edited by arscan