Page MenuHomePhabricator

Flow front-end: escape topic title's HTML in h1 firstHeader when viewing isolated topic
Closed, ResolvedPublic


Topic title is text, so HTML entities in it simply appear.

But when you view a standalone topic (from a permalink, or when you open a topic action action in a new tab, or presumably when you choose a topic action with no-JavaScript), Flow puts the un-escaped topic title in the <h1 class="firstHeading"> and in the <title> tag.

Compare the URL above with

Version: master
Severity: major



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:26 AM
bzimport set Reference to bz67401.
bzimport added a subscriber: Unknown Object (MLST).

Change 143552 had a related patch set uploaded by Spage:
Escape topic title HTML shown in h1 firstHeading

Change 143552 merged by jenkins-bot:
Escape topic title HTML shown in h1 firstHeading