Tomas Jelinek has posted comments on this change.

Change subject: ui: remove Escape characters for TextBoxLabel
......................................................................

Patch Set 2: Code-Review+2

(1 comment)

I'd say it is safe - just please fix that spelling mistake in the commit message :)

http://gerrit.ovirt.org/#/c/29292/2//COMMIT_MSG
Commit Message:

Line 7: ui: remove Escape characters for TextBoxLabel
Line 8:
Line 9: The reason that we use:
Line 10: SafeHtmlUtils.htmlEscape(renderedText);
Line 11: is to prevent javascript code injection suck as <script> etc.
%s/suck as/such as ;)

Line 12: Its looks like the control is already safe rendering (tested with
Line 13: <script>, <b> and <h1>).
Line 14: without removing this line its render <>,. as theyer escaped value.
Line 15:

--
To view, visit http://gerrit.ovirt.org/29292

Gerrit-MessageType: comment
Gerrit-Change-Id: I2e303decb9395fcf193e874b4ae55ab076ec0bba
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Shahar Havivi <shav...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com>
Gerrit-Reviewer: Shahar Havivi <shav...@redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjeli...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
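
The double-escaping effect the commit message describes, as an added example that is not part of the original message or the oVirt code base. `htmlEscape` below is a local stand-in for the GWT helper named in the commit message, the two sink functions are hypothetical models of a text-rendering and an HTML-rendering widget, and the inputs are constructed.

```java
import java.util.List;

public class DoubleEscapeDemo {
    // Local stand-in for an HTML-escaping helper such as the
    // SafeHtmlUtils.htmlEscape call in the commit message (no GWT needed).
    static String htmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Hypothetical text sink: models a widget that inserts its value as a text
    // node, so the value is entity-encoded on output and never parsed as markup.
    static String markupFromTextSink(String value) {
        return htmlEscape(value);
    }

    // Hypothetical HTML sink: models a widget that parses its value as markup.
    static String markupFromHtmlSink(String value) {
        return value;
    }

    // What the user reads after the browser decodes the entities once.
    static String visibleText(String markup) {
        return markup.replace("&lt;", "<").replace("&gt;", ">")
                .replace("&quot;", "\"").replace("&#39;", "'").replace("&amp;", "&");
    }

    public static void main(String[] args) {
        // Constructed inputs: the same tags the commit message says were tested.
        for (String input : List.of("<script>alert(1)</script>", "<b>bold</b>", "<h1>title</h1>")) {
            String once = markupFromTextSink(input);              // only the sink escapes
            String twice = markupFromTextSink(htmlEscape(input)); // caller and sink both escape
            String raw = markupFromHtmlSink(input);               // nobody escapes
            System.out.println("input           : " + input);
            System.out.println("text sink shows : " + visibleText(once));
            System.out.println("escaped twice   : " + visibleText(twice));
            System.out.println("html sink emits : " + raw
                    + (raw.contains("<") ? "   <-- parsed as live markup" : ""));
        }
    }
}
```

Dropping the caller-side escape is only safe while the widget stays a text sink; if the control is later switched to an HTML-rendering path, the escape has to come back at that boundary.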