Un escaping the HTML for the retired answer concepts#100
Un escaping the HTML for the retired answer concepts#100mozzy11 wants to merge 1 commit intoopenmrs:masterfrom
Conversation
|
Can you include the ticket id in your commit message as advised at? https://wiki.openmrs.org/display/docs/Pull+Request+Tips |
|
ok let me do that |
|
Are you still working on this? |
|
samwel , as far as i understood the ticket, i dont see any more work to be done ...the retired answer concepts no longer show html code..i just un-escaped the html genarated from the server side |
|
if u look at the last image i attached ..i seem to have solved the problem.. unless there are any other comments from u but i think i finished this .. |
|
Did you see @dkayiwa 's comments? |
|
you mean including the ticket id in my commit messages? yes i did that |
|
i did that a49cc47 |
| <td valign="top"> | ||
| <select class="largeWidth" size="6" id="answerNames" multiple="multiple" onKeyUp="listKeyPress('answerNames', 'answerIds', ' ', event)"> | ||
| <c:forEach items="${command.conceptAnswers}" var="answer"> | ||
| <c:forEach items="${command.conceptAnswers}" var="answer" > |
There was a problem hiding this comment.
sorry , that was un intended
|
|
||
| ${project.parent.artifactId}.Location.purgeLocation=Permanently Delete Location | ||
| ${project.parent.artifactId}.Location.confirmDelete=Are you sure you want to delete this Location? It will be permanently removed from the system. | ||
| ${project.parent.artifactId}.Location.purgedSuccessfully=Location deleted successfully |
There was a problem hiding this comment.
that was un intended , i cant even figure out the change (:
|
i removed the unnecesary changes |
|
@mozzy11 Is there another approach we can take here rather than just not escaping XML, since this makes XSS attacks possible through the concept name field? |
4 participants
https://issues.openmrs.org/browse/LUI-48