You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by "Anil Gangolli (JIRA)" <ji...@apache.org> on 2015/11/22 16:29:10 UTC
[jira] [Commented] (ROL-2084) Unnecessary escaping of HTML symbols
happen on plain text email notification
[ https://issues.apache.org/jira/browse/ROL-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021044#comment-15021044 ]
Anil Gangolli commented on ROL-2084:
------------------------------------
Changes here need to be carefully done so as not to introduce any regression on past XSS issues
> Unnecessary escaping of HTML symbols happen on plain text email notification
> ----------------------------------------------------------------------------
>
> Key: ROL-2084
> URL: https://issues.apache.org/jira/browse/ROL-2084
> Project: Apache Roller
> Issue Type: Bug
> Components: Comments
> Affects Versions: 5.1.2
> Reporter: Kohei Nozaki
> Assignee: Roller Unassigned
> Priority: Minor
> Attachments: ROL-2084.patch, Screen Shot 2015-11-22 at 10.00.16.png, Screen Shot 2015-11-22 at 10.01.20.png
>
>
> I'm disabled *"Allow html in comments?"* option in site-wide configuration. In this case, Unnecessary escaping of HTML symbols happen. See attachments for example.
> I believe HTML escaping doesn't make any sense if comments has been sent as plain text. It only makes content messy.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)