#91 Are we missing places where we should be doing html escaping - Hobo

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#91 open

Are we missing places where we should be doing html escaping

Reported by Tom Locke | July 31st, 2008 @ 11:29 AM | in Beyond Hobo 1.0

e.g. #to_s and #name?

Comments and changes to this ticket

Tom Locke July 31st, 2008 @ 11:29 AM
- State changed from “new” to “open”
Tom Locke August 3rd, 2008 @ 12:17 PM
- Title changed from “Review for places we should be doing HTML escaping” to “Are we missing places where we should be doing html escaping”
- Tag changed from “security” to “question, security”
Matt Jones November 10th, 2009 @ 04:35 AM
- Tag changed from “question, security” to “misc, question, security”
We should probably integrate with rails_xss, as we're going to have to deal with the escaping issue when we move to 3.0.
Bryan Larsen December 1st, 2009 @ 11:45 PM
- Milestone changed from “Hobo 1.0 - Final” to “Beyond Hobo 1.0”
I missed the comment on rails_xss. Darn. This really should have made RC1. If we ever decide to bend the rule, this should be on the list.

I'm not sure if we should make rails_xss a depdendency, but we should definitely be compatible with it and recommend it.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins (Sort)

↓↑ drag 97 New Tickets
↓↑ drag 1 Investigating (does not appear in totals)
↓↑ drag 76 No milestone assigned
↓↑ drag 128 Missing ticket-type
↓↑ drag 2 ------------------------
↓↑ drag 0 1.X High Priority
↓↑ drag 41 1.X Defects
↓↑ drag 20 1.X Enhancements
↓↑ drag 4 1.X Needs Test Case
↓↑ drag 1 1.X Clean-Up
↓↑ drag 2 1.X Testing
↓↑ drag 3 1.X Compatibility
↓↑ drag 9 1.X Doc
↓↑ drag 203 1.1 TOTAL
↓↑ drag 13 1.0 TOTAL
↓↑ drag 13 1.3 TOTAL
↓↑ drag 192 Beyond 1.0
↓↑ drag 1 stale
↓↑ drag 4 Needs Clarification

Hobo Hobo → Beyond Hobo 1.0

Are we missing places where we should be doing html escaping

Comments and changes to this ticket

Tom Locke July 31st, 2008 @ 11:29 AM

Tom Locke August 3rd, 2008 @ 12:17 PM

Matt Jones November 10th, 2009 @ 04:35 AM

Bryan Larsen December 1st, 2009 @ 11:45 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages

Hobo Hobo → Beyond Hobo 1.0

Keyword searching

Are we missing places where we should be doing html escaping

Comments and changes to this ticket

Tom Locke July 31st, 2008 @ 11:29 AM

Tom Locke August 3rd, 2008 @ 12:17 PM

Matt Jones November 10th, 2009 @ 04:35 AM

Bryan Larsen December 1st, 2009 @ 11:45 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages