HTML is not escaped in departments descriptions
HTML is not escaped in departments descriptions
Description
If you put HTML in a department description field, it gets rendered in the department list.
FusionDirectory Version
1.2
Steps to Reproduce
- Create a department
- Put
<b>FooBar</b><br> is the name.in the description - Look at the department list
Expected behavior:
HTML is escaped
Actual behavior:
HTML is rendered
Additional Information
Department tree in base field is affected as well. Other columns should be checked as well for most objects, and we should make sure 1.4 management class does not have the problem.
Activity
changed milestone to %FusionDirectory 1.3
By Côme Chilliet on 2018-08-13T13:07:16 (imported from GitLab)
added fixes label
By Côme Chilliet on 2018-08-13T13:07:31 (imported from GitLab)
created branch
5868-html-is-not-escaped-in-departments-descriptionsBy Côme Chilliet on 2018-08-13T15:22:14 (imported from GitLab)
mentioned in commit e556bcc3
By Côme Chilliet on 2018-08-13T15:35:03 (imported from GitLab)
created branch
5868-html-is-not-escaped-in-departments-descriptionsBy Côme Chilliet on 2018-08-14T07:33:01 (imported from GitLab)
mentioned in commit 9b471a93
By Côme Chilliet on 2018-08-14T07:34:03 (imported from GitLab)
added PJ1802-0188 label
By Côme Chilliet on 2018-08-14T08:31:56 (imported from GitLab)
created branch
5868-html-is-not-escaped-in-departments-descriptionsBy Côme Chilliet on 2018-08-14T08:32:10 (imported from GitLab)
mentioned in commit 71a226e1
By Côme Chilliet on 2018-08-14T08:39:13 (imported from GitLab)
created branch
5868-html-is-not-escaped-in-departments-descriptionsBy Côme Chilliet on 2018-08-14T13:08:43 (imported from GitLab)
mentioned in commit cb71ee0e
By Côme Chilliet on 2018-08-14T13:10:32 (imported from GitLab)
added fixes-merged and removed fixes labels
By Côme Chilliet on 2018-08-14T14:32:54 (imported from GitLab)
changed milestone to %FusionDirectory 1.2.2
By Côme Chilliet on 2018-08-14T14:32:55 (imported from GitLab)
