Y.lp.soyuz.base.makeFailureNode and .makeInProgressNode do not escape given text before inserting into DOM

Bug #744204 reported by Gavin Panella
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Henning Eggers

Bug Description

Specifically they do things like:

    message.set('innerHTML', text);

Instead they should do:

    message.set('text', text);

OTOH, if these functions are meant to accept mark-up I would argue
that that's a design flaw. They should accept a single Y.Node in that
case (or a DOM node I suppose).

Tags: qa-ok

Related branches

Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Henning Eggers (henninge)
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
Changed in launchpad:
milestone: none → 11.05
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
Deryck Hodge (deryck)
Changed in launchpad:
status: Fix Committed → Fix Released
William Grant (wgrant)
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.