Launchpad itself

Y.lp.soyuz.base.makeFailureNode and .makeInProgressNode do not escape given text before inserting into DOM

Bug #744204 reported by Gavin Panella on 2011-03-28

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	Critical	Henning Eggers	Launchpad itself 11.05

Bug Description

Specifically they do things like:

message.set('innerHTML', text);

Instead they should do:

message.set('text', text);

OTOH, if these functions are meant to accept mark-up I would argue
that that's a design flaw. They should accept a single Y.Node in that
case (or a DOM node I suppose).

Tags:

Related branches

lp://staging/~henninge/launchpad/devel-744204-escaping-soyuz-base

Merged into lp://staging/launchpad at revision 12796

Robert Collins (community): Approve on 2011-04-11

William Grant: Approve (code*) on 2011-04-11

Henning Eggers (henninge) on 2011-04-08

Changed in launchpad:
status:	Triaged → In Progress
assignee:	nobody → Henning Eggers (henninge)

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2011-04-11:

Fixed in stable r12796 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12796>.

Changed in launchpad:
milestone:	none → 11.05
tags:	added: qa-needstesting
Changed in launchpad:
status:	In Progress → Fix Committed

William Grant (wgrant) on 2011-04-12

tags:

added: qa-ok
removed: qa-needstesting

Deryck Hodge (deryck) on 2011-04-19

Changed in launchpad:
status:	Fix Committed → Fix Released

William Grant (wgrant) on 2012-08-24

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.