Roundup Tracker - Issues


Author schlatterbeck
Recipients ber, davidben, ezio.melotti, schlatterbeck
Date 2012-05-22.06:56:41
Message-id <>
I've looked through the code and found no message that used html markup
(e.g. bold or italics) in the message. For this reason I chose to go the
more secure route and completely escape the message string.

Ezio: I hadn't looked at your patch before but I think, the approach of
first escaping everything and *then* re-enable allowed tags should also
be secure enough. So if anybody really needs the feature of highlighting
parts of a message I'm open for including this again, feel free to open
a feature request.

But given that the feature seems to be unused I guess we can live
without highlighting in messages.
Date User Action Args
2012-05-22 06:56:42schlatterbecksetmessageid: <>
2012-05-22 06:56:42schlatterbecksetrecipients: + schlatterbeck, ber, ezio.melotti, davidben
2012-05-22 06:56:42schlatterbecklinkissue2550724 messages
2012-05-22 06:56:41schlatterbeckcreate