author | mkanat%bugzilla.org <> | 2006-09-22 08:19:03 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2006-09-22 08:19:03 +0200 |
commit | 6c0f16ffbf7b39da24ded73e17fd2fc0ea4e1a75 (patch) | |
tree | 01b6bc59ac81cec31c465487b6283645e6567984 /Bugzilla | |
parent | c4840b684916affdf475076faa5ad698d5dc54b5 (diff) | |
Bug 351994: Messages shouldn't contain HTML characters unless we're in USAGE_MODE_BROWSER
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=ghendricks, a=myk
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Template.pm | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index b54c4a0f2..7149828ef 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -760,6 +760,22 @@ sub create {
 1
 ],
+ # Note that using this filter is even more dangerous than
+ # using "none," and you should only use it when you're SURE
+ # the output won't be displayed directly to a web browser.
+ txt => sub {
+ my ($var) = @_;
+ # Trivial HTML tag remover
+ $var =~ s/<[^>]*>//g;
+ # And this basically reverses the html filter.
+ $var =~ s/\@/@/g;
+ $var =~ s/\</</g;
+ $var =~ s/\>/>/g;
+ $var =~ s/\"/\"/g;
+ $var =~ s/\&/\&/g;
+ return $var;
+ },
+
 # Wrap a displayed comment to the appropriate length
 wrap_comment => \&Bugzilla::Util::wrap_comment, |
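Review bot: Nothing in the new `txt` filter enforces the comment's condition that its output never reaches a browser: it strips tags and then turns the escaped entities back into literal `<`, `>`, `"` and `&`, so any template that applies it on a browser-facing path re-enables markup the html filter had neutralised. Consider making the filter fail safe, for example `return $var if Bugzilla->usage_mode == USAGE_MODE_BROWSER;` as the first statement after `my ($var) = @_;` (assuming the usage-mode accessor and the constant named in the commit title are in scope in this file), and extend the comment to say that the result is unescaped text that must be escaped again before any HTML use. As rendered on this page the five substitutions read as identities (`s/\@/@/g` and so on), presumably because the viewer decoded the entities inside the patterns, so check the raw patch before relying on this listing. `sub create` starts and ends outside the hunk.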