Message4567
I've looked through the code and found no message that used html markup
(e.g. bold or italics) in the message. For this reason I chose to go the
more secure route and completely escape the message string.
Ezio: I hadn't looked at your patch before but I think, the approach of
first escaping everything and *then* re-enable allowed tags should also
be secure enough. So if anybody really needs the feature of highlighting
parts of a message I'm open for including this again, feel free to open
a feature request.
But given that the feature seems to be unused I guess we can live
without highlighting in messages. |
|
Date |
User |
Action |
Args |
2012-05-22 06:56:42 | schlatterbeck | set | messageid: <1337669802.36.0.958676034766.issue2550724@psf.upfronthosting.co.za> |
2012-05-22 06:56:42 | schlatterbeck | set | recipients:
+ schlatterbeck, ber, ezio.melotti, davidben |
2012-05-22 06:56:42 | schlatterbeck | link | issue2550724 messages |
2012-05-22 06:56:41 | schlatterbeck | create | |
|