New submission from R David Murray:

When Roundup detects that someone else has updated an issue, it tries to give 
you a link to use to open the message in a new window so you can see what 
changes were made to the metadata.  After the XSS issues were fixed, this link 
became escaped HTML and so did not work.  I reported this issue upstream here:

  http://issues.roundup-tracker.org/issue2550836

It has now been fixed, and the issue contains a request to test the fix.  I'm 
not sure how practical it is for us to test it, but either way I'm recording 
the issue here as something we need to check at some point, either by testing 
the patch now or by testing it after it gets released upstream and we upgrade.

Note that Ralph says he "completely changed" the way the XSS stuff is handled, 
which might or might not mean there are other adjustments we want to make on 
our tracker, depending on whether we previously "fixed" things in our templates 
or not.

----------
messages: 2848
nosy: r.david.murray
priority: feature
status: unread
title: html-escaped link in message update collision message

_______________________________________________________
PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue538>
_______________________________________________________
_______________________________________________
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
