diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2010-07-23 00:46:02 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2010-07-23 00:46:02 +0200 |
commit | ddb5db354ac1b55ce99c9d0e977a2a63099f4c21 (patch) | |
tree | 644fe8ebb504af5d5e025ece6eb123a1094137c3 /docs/en/xml | |
parent | 1ccdf14572251c8fe39cf2065fd3ca16da01e1a3 (diff) | |
download | bugzilla-ddb5db354ac1b55ce99c9d0e977a2a63099f4c21.tar.gz bugzilla-ddb5db354ac1b55ce99c9d0e977a2a63099f4c21.tar.xz |
Bug 398701: Replace |FILTER url_quote| by |FILTER uri|
r/a=mkanat
Diffstat (limited to 'docs/en/xml')
-rw-r--r-- | docs/en/xml/customization.xml | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/docs/en/xml/customization.xml b/docs/en/xml/customization.xml index f397cff53..9b62b1d0b 100644 --- a/docs/en/xml/customization.xml +++ b/docs/en/xml/customization.xml @@ -207,21 +207,12 @@ This means that if the data can possibly contain special HTML characters such as <, and the data was not intended to be HTML, they need to be converted to entity form, i.e. &lt;. You use the 'html' filter in the - Template Toolkit to do this. If you forget, you may open up - your installation to cross-site scripting attacks. + Template Toolkit to do this (or the 'uri' filter to encode special + characters in URLs). If you forget, you may open up your installation + to cross-site scripting attacks. </para> <para> - Also note that Bugzilla adds a few filters of its own, that are not - in standard Template Toolkit. In particular, the 'url_quote' filter - can convert characters that are illegal or have special meaning in URLs, - such as &, to the encoded form, i.e. %26. This actually encodes most - characters (but not the common ones such as letters and numbers and so - on), including the HTML-special characters, so there's never a need to - HTML filter afterwards. - </para> - - <para> Editing templates is a good way of doing a <quote>poor man's custom fields</quote>. For example, if you don't use the Status Whiteboard, but want to have |