As a library (the html table building classes), both HtmlTableHeaderBuilder and HtmlTableCellBuilder need to escape their output by default, and have a class / function / flag, that is clearly named (should probably have "raw" or "nonEscaped" in the name), that allows the library user to put raw html into the table headers/cells.
|Resolved||Lydia_Pintscher||T99351 Review and deploy Wikibase-Quality on wikidata.org|
|Resolved||csteipp||T99352 Security review of Wikibase-Quality|
|Resolved||csteipp||T102649 Ex:WikibaseQuality - Needs to escape output by default|
- Mentioned In
- rEWQLf43c34d6e2db: T102649 Allow raw content for html builder, escape content by default
rEWQL0a9d2c8d12f1: Merge "T102649 Allow raw content for html builder, escape content by default"
rMEXTa38e7b9c1d9f: Updated mediawiki/extensions Project: mediawiki/extensions/WikidataQuality…
rEWQL5ea4810b3359: T102649 Allow raw content for html builder, escape content by default