Opened 16 years ago

Closed 14 years ago

Last modified 7 years ago

#7697 closed (fixed)

safe strings in debug page shown as html

Reported by: charmless Owned by: Chris Beaven
Component: Core (Other) Version: dev
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

if a local variable is a safe string, then it will display in the debug output as unescaped, rendered HTML.
Expected: Should render as some sort of useful repr() of the string.

Attachments (2)

7697.diff (2.0 KB ) - added by Chris Beaven 15 years ago.
7697.2.diff (2.7 KB ) - added by Chris Beaven 14 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 by Sung-jin Hong, 16 years ago

Triage Stage: UnreviewedAccepted

comment:2 by Chris Beaven, 15 years ago

Owner: changed from nobody to Chris Beaven
Status: newassigned

by Chris Beaven, 15 years ago

Attachment: 7697.diff added

by Chris Beaven, 14 years ago

Attachment: 7697.2.diff added

comment:3 by Chris Beaven, 14 years ago

Has patch: set
Triage Stage: AcceptedReady for checkin

comment:4 by Malcolm Tredinnick, 14 years ago

Resolution: fixed
Status: assignedclosed

(In [13741]) Display a repr-like result for safe-string local variables on the debug page.

Fixed #7697. Thanks, SmileyChris.

comment:5 by Tim Graham <timograham@…>, 7 years ago

In 293608a2:

Refs #7697 -- Removed unnecessary force_escape of technical 500 debug view "unicode hint".

The test passes before and after the removal. unicode_hint will never
be SafeText, so normal autoescaping is sufficient.

comment:6 by GitHub <noreply@…>, 7 years ago

In d70432de:

Refs #7697 -- Tested escaping of safe strings in the technical 500 debug view.

Tests were omitted in the original commit: a56a226241f5808b2eaf1e4b5a155d35047b8a06.

Note: See TracTickets for help on using tickets.
Back to Top