Skip to content

[WebServerBundle] fixed html attribute escape #21689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 25, 2017
Merged

[WebServerBundle] fixed html attribute escape #21689

merged 1 commit into from
Feb 25, 2017

Conversation

Seb33300
Copy link
Contributor

Q A
Branch? 2.8
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets -
License MIT
Doc PR -

In the Web Debug Toolbar, when a toolbar item has extra attributes, they are not properly escaped.
(If you put your mouse over the right toolbar item with sf version, you will see a tooltip with "")

Currently:

title=""

After:

title=""

javiereguiluz
javiereguiluz approved these changes Feb 25, 2017
View reviewed changes
Copy link
Member

@javiereguiluz javiereguiluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@Seb33300 nice catch!

I've verified that this is the right fix:

Before

before

After

after

nicolas-grekas
nicolas-grekas approved these changes Feb 25, 2017
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@nicolas-grekas nicolas-grekas added this to the 2.8 milestone Feb 25, 2017
@javiereguiluz
Copy link
Member

Thanks for fixing this bug @Seb33300.

@javiereguiluz javiereguiluz merged commit 1337cdb into symfony:2.8 Feb 25, 2017
javiereguiluz added a commit that referenced this pull request Feb 25, 2017
@javiereguiluz
bug #21689 [WebServerBundle] fixed html attribute escape (Seb33300)
57a81eb 
This PR was merged into the 2.8 branch.

Discussion
----------

[WebServerBundle] fixed html attribute escape

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

In the Web Debug Toolbar, when a toolbar item has extra attributes, they are not properly escaped.
(If you put your mouse over the right toolbar item with sf version, you will see a tooltip with `""`)

Currently:
```html
title=""
```

After:
```html
title=""
```

Commits
-------

1337cdb [WebServerBundle] fixed html attribute escape
@Seb33300 Seb33300 deleted the patch-1 branch February 25, 2017 14:13
This was referenced Mar 6, 2017
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javiereguiluz javiereguiluz javiereguiluz approved these changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

Assignees
No one assigned
Labels
Bug Status: Reviewed WebProfilerBundle
Projects
None yet
Milestone
2.8
Development

Successfully merging this pull request may close these issues.
4 participants
@Seb33300 @javiereguiluz @nicolas-grekas @carsonbot