RubyForge: RubyForge Support: Detail: 27312 Only when not logged in, a tracker entry summary is not HTML quoted properly

[#27312] Only when not logged in, a tracker entry summary is not HTML quoted properly

Date:
2009-10-18 06:54 Priority:
3

Submitted By:
Yves-Eric Martin (yemartin) Assigned To:
Nobody (None)

Category:
None State:
Open

Summary:
Only when not logged in, a tracker entry summary is not HTML quoted properly

Detailed description

Problem:
========

When logged in, the summary of the following ticket (that contains <script> and <style>) is HTML-quoted
properly:

http://rubyforge.org/tracker/index.php?func=detail&aid=27311&group_id=1716&atid=6686

However, when logged out, the HTML-quoting does not happen, breaking the page.


Steps to reproduce:
===================

1) Submit a new tracker entry that contains "<script>" in the summary
2) Log out
3) Access the entry page


Expected behavior:
==================

The HTML quoting of the summary should happen whether the user is logged-in or browsing anonymously.

Add A Comment:

Please login

Followup

No Followups Have Been Posted

Attached Files:

Name	Description	Download

No Files Currently Attached

[#27312] Only when not logged in, a tracker entry summary is not HTML quoted properly

Please login

Followup

No Followups Have Been Posted

Attached Files:

Changes:

No Changes Have Been Made to This Item