Page MenuHomePhabricator

Flow front-end: escape topic title's HTML in h1 firstHeader when viewing isolated topic
Closed, ResolvedPublic


Topic title is text, so HTML entities in it simply appear.

But when you view a standalone topic (from a permalink, or when you open a topic action action in a new tab, or presumably when you choose a topic action with no-JavaScript), Flow puts the un-escaped topic title in the <h1 class="firstHeading"> and in the <title> tag.

Compare the URL above with

Version: master
Severity: major



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:26 AM
bzimport set Reference to bz67401.
bzimport added a subscriber: Unknown Object (MLST).
Spage created this task.Jul 2 2014, 1:01 AM

Change 143552 had a related patch set uploaded by Spage:
Escape topic title HTML shown in h1 firstHeading

Change 143552 merged by jenkins-bot:
Escape topic title HTML shown in h1 firstHeading

Fixed in 1.24wmf13

Quiddity removed a subscriber: Maryana.Dec 19 2014, 1:34 AM