2016-12-11 04:57 EST

View Issue Details Jump to Notes ] Wiki ]
IDProjectCategoryView StatusLast Update
0016562mantisbttaggingpublic2013-11-07 11:02
Assigned To 
Product Version1.2.15 
Target VersionFixed in Version 
Summary0016562: HTML in tag names should not be rendered
DescriptionDefining a tag as 'tagname' actually displays it in bold.

It is confusing to user because another tag 'tagname' can be defined; they are both displayed as 'tagname' (one in bold, one not), but filtering on 'T' only displays the tag without HTML.
Additional InformationAs discussed in http://thread.gmane.org/gmane.comp.bug-tracking.mantis.devel/4730
TagsNo tags attached.
Attached Files




dregad (developer)

I'm wondering if this is not by design after all.

It appears that we have the exact same behavior in many other places in the system, pretty much everywhere in fact, e.g. categories, project name, user realname, etc. as they are generally printed with string_display_line and therefore accept tags defined in $g_html_valid_tags_single_line.

Therefore I'm now thinking we should leave this as it is, and just merge the'<admincheck>' tag with the 'admincheck' one in this tracker.



vboctor (manager)

My feedback that I sent to the developers DL [1]:

I would suggest than we disallow such tags in entity names like projects, tags, users, etc. We should probably limit the names to include standard printable characters like alpha, digits, underscore, dash, dot, etc.

We should allow spaces, but disallow "some[space][space]x", i.e. replace N spaces with a single space, and trim left/right.

The question is what to do with the existing entities that may violate such rules. We could handle them as part of the upgrader, or just sanitize at print time and use some new string_display method.

[1] http://thread.gmane.org/gmane.comp.bug-tracking.mantis.devel/4730/focus=4733

-Issue History
Date Modified Username Field Change
2013-10-31 20:30 dregad New Issue
2013-11-01 06:07 dregad Note Added: 0038412
2013-11-03 15:02 vboctor Note Added: 0038431
+Issue History