
Escape the fields present in the template
Status: Open | Priority: Medium | Visibility: Public

Description

Need to see what can be done in Remarkup syntax and what needs to be escaped.
"Classic" escaping (sanitizing HTML tags) should already be done by phab itself.

Event Timeline

Hello @Aklapper. Github-notif-bot will add comments to phab tasks like what @gerritbot currently does. I wonder if I need to escape the fields present in this comment. Can a problematic action be made using the comment field in phabricator tasks, voluntarily or not? I only see adding subscribers by mentioning them.

I don't know. What are "fields in a comment" exactly? That's a question for @gerritbot maintainers probably?

The comment itself. Imagine that anyone could write a text that would be posted as a comment on a phabricator task, like what @gerritbot already does. Do you see any particular syntax that might be problematic, and that we should therefore make sure is removed?

Looking at https://secure.phabricator.com/book/phabricator/article/remarkup/ I found nothing put in a comment box that might cause a problem.

Aklapper changed the subtype of this task from "Deadline" to "Task". Apr 26 2023, 8:43 AM