Open ietf-svn-bot opened 2 years ago
@rjsparks@nostrum.com changed priority from n/a
to medium
@rjsparks@nostrum.com changed status from new
to accepted
@rjsparks@nostrum.com commented
ugh - both groupevent and docevent have, at times, allowed html tags to be entered into desc. This needs a fairly large cleanup (and there are other related tickets) to normalize the desc text into an easier to clean and bleach markup language.
type_defect
| by jennifer@painless-security.comThe group event descriptions shown on the group's history tab frequently include "" tags. These are sometimes interpreted to cause bold text and other times rendered literally as text. This differs row-by-row in the history.
E.g., from https://datatracker.ietf.org/group/nomcom2021/history/:
(note the
<b>
in the first entry vs the<b>
in the second)The only hint of a pattern I see is that the one with properly interpreted HTML is in a
<div class="snippet">
, which probably means it's being rendered through a different code path that may be marking the text as HTML safe.Issue migrated from trac:3471 at 2022-03-04 09:20:29 +0000