View Issue Details

ID: 16904
Project: Bug reports
Category: Other
View Status: public
Last Update: 2021-03-29 12:31
Reporter: gabrieljenik
Assigned To: gabrieljenik
Priority: none
Severity: minor
Status: closed
Resolution: fixed
Product Version: 4.x.0-dev
Summary: 16904: Check attributes are escaped properly
Description

On 16896, the HTML breaks when the subquestion's text contains double quotes (").
Added "escape('html_attr')" to subquestion text and code (subquestionRow.twig).

It seems the same happens with other fields (like the "Array filter" attribute, just to mention one).

We need to check further which attributes need filtering and we should review them.

Tags: No tags attached.
Bug heat: 6
Complete LimeSurvey version number (& build): Latest develop 4.4.0-alpha
I will donate to the project if issue is resolved: No
Browser:
Database type & version: irrelevant
Server OS (if known):
Webserver software & version (if known):
PHP Version: irrelevant

Relationships

related to 16896 (closed, gabrieljenik): Javascript shown when editing subquestions
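
The breakage described in the report above, reproduced as an added example (not LimeSurvey's code and not the committed fix): a text containing double quotes is written into a quoted attribute raw and then through an attribute-context escaper, and the markup is parsed back to see what survives. `escape_attr` is a simplified stand-in for an attribute-context escaper such as the `escape('html_attr')` filter the report mentions; the `<input>` markup and the sample text are constructed.

```python
import re
from html.parser import HTMLParser

# Everything except alphanumerics and , . - _ is entity-encoded. This is a
# simplified stand-in for an attribute-context escaper, not Twig's implementation.
_SAFE = re.compile(r"[^a-zA-Z0-9,.\-_]")
_NAMED = {'"': "&quot;", "&": "&amp;", "<": "&lt;", ">": "&gt;"}


def escape_attr(value: str) -> str:
    """Entity-encode every character that could end or alter an attribute value."""
    return _SAFE.sub(lambda m: _NAMED.get(m.group(), f"&#x{ord(m.group()):X};"), value)


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def render_and_parse(text: str, escape: bool) -> dict:
    """Render a hypothetical subquestion input and return its parsed attributes."""
    value = escape_attr(text) if escape else text
    html = f'<input type="text" name="subquestion" value="{value}">'
    parser = _InputAttrs()
    parser.feed(html)
    parser.close()
    return parser.attrs


def attribute_survives(text: str, escape: bool) -> bool:
    """True when the value round-trips and no stray attributes were created."""
    attrs = render_and_parse(text, escape)
    return attrs.get("value") == text and set(attrs) == {"type", "name", "value"}


# Constructed sample: a subquestion text that contains double quotes.
SAMPLE = 'Rate the "Premium" plan'

if __name__ == "__main__":
    for escape in (False, True):
        print(escape, attribute_survives(SAMPLE, escape), render_and_parse(SAMPLE, escape))
```

Without escaping, the first embedded quote closes the attribute, so the parsed value is cut short and the remaining words become stray attributes; with escaping, the original text round-trips intact.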

Activities

ollehar

2021-03-05 17:27

administrator   ~62798

Please check if this bug still exists in the latest patch release. Thank you.

gabrieljenik

2021-03-17 17:45

manager   ~63416

PR: https://github.com/LimeSurvey/LimeSurvey/pull/1803

gabrieljenik

2021-03-25 14:57

manager   ~63607

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31384

lime_release_bot

2021-03-29 12:31

administrator   ~63685

Fixed in Release 4.4.15+210329

Related Changesets

LimeSurvey: master bc372a82

2021-03-25 14:42:56

gabrieljenik


Committer: GitHub
Fixed issue 16904: Check attributes are escaped properly (#1803)
Affected Issues: 16904
mod - application/views/questionAdministration/answerOptionRow.twig

Issue History

Date Modified Username Field Change
2020-12-11 14:53 gabrieljenik New Issue
2020-12-11 14:53 gabrieljenik Status new => assigned
2020-12-11 14:53 gabrieljenik Assigned To => gabrieljenik
2020-12-11 14:53 gabrieljenik Issue generated from: 16896
2020-12-11 14:53 gabrieljenik Relationship added related to 16896
2021-03-05 17:27 ollehar Status assigned => feedback
2021-03-05 17:27 ollehar Note Added: 62798
2021-03-17 17:45 gabrieljenik Note Added: 63416
2021-03-22 15:09 c_schmitz Status feedback => ready for testing
2021-03-25 14:43 c_schmitz Status ready for testing => resolved
2021-03-25 14:43 c_schmitz Resolution open => fixed
2021-03-25 14:57 gabrieljenik Changeset attached => LimeSurvey master bc372a82
2021-03-25 14:57 gabrieljenik Note Added: 63607
2021-03-29 12:31 lime_release_bot Note Added: 63685
2021-03-29 12:31 lime_release_bot Status resolved => closed