During the review of #12647, we have noticed there may be some edge cases in the listing of the filters where some elements are being escaped, and some that may not.
We need to investigate that the escaping is done properly in any decidim
Actually, this has been implemented by the redesign team, and this is why we never caught it before.
The method called `directory_filter_categories_values` defined in application_helper is being used with the following stack trace:
The method `filter_text_for(translation, id: nil)` is rendering a content_tag with a translation parameter that is automatically escaped by ERB.
In 0.27, we do not have `filter_text_for`, therefore we need to handle it by hand (which I did here).
Looking at the tree helper, there is a test improvement that can be done for main elements + children so that we have everything escaped properly. This would be another PR against develop, that needs to happen at some point, and I would not keep this PR any longer.
Originally posted by @alecslupu in #12647 (comment)
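As an added example (not code from the Decidim project or from the comment above), the following Ruby script shows the property the comment asks a test to cover: every label in a category tree, parent and child alike, passes through one explicit escaper when no auto-escaping helper such as `filter_text_for` is available. `escaped_filter_text`, `render_filter_tree`, `unescaped_names` and the sample tree are assumptions made for the example; `ERB::Util.html_escape` is Ruby's standard-library HTML escaper.

```ruby
require "erb"

# Constructed sample tree, not data from the Decidim code base: top-level
# categories with children, some names carrying markup or special characters
# that must appear as literal text in the filter listing.
SAMPLE_TREE = [
  { id: 1, name: "Urban planning", children: [
    { id: 11, name: "Parks & gardens", children: [] },
  ] },
  { id: 2, name: "Budget <b>2024</b>", children: [
    { id: 21, name: "<script>alert(1)</script>", children: [] },
  ] },
].freeze

# Hypothetical stand-in for filter_text_for(translation, id: nil): escapes the
# translated label itself instead of relying on ERB auto-escaping, so it stays
# safe when the result is concatenated into raw HTML.
def escaped_filter_text(translation, id: nil)
  text = ERB::Util.html_escape(translation.to_s)
  id ? %(<span id="#{ERB::Util.html_escape(id.to_s)}">#{text}</span>) : text
end

# Renders the whole tree recursively; every node, main element or child, goes
# through the same escaping function, which is the property a spec should check.
def render_filter_tree(nodes)
  nodes.map do |node|
    html = +"<li>#{escaped_filter_text(node[:name], id: "filter_#{node[:id]}")}"
    html << "<ul>#{render_filter_tree(node[:children])}</ul>" unless node[:children].empty?
    html << "</li>"
  end.join
end

# Collects every name in the tree, at any depth.
def all_names(nodes)
  nodes.flat_map { |n| [n[:name]] + all_names(n[:children]) }
end

# Names containing markup characters that still appear verbatim in the
# rendered output; an empty list means every level was escaped.
def unescaped_names(nodes, rendered)
  all_names(nodes).select { |name| name.match?(/[<>&]/) && rendered.include?(name) }
end

rendered = render_filter_tree(SAMPLE_TREE)
puts rendered
puts "unescaped: #{unescaped_names(SAMPLE_TREE, rendered).inspect}"
```

The `unescaped_names` check is the shape of the test the comment suggests for the tree helper: build a fixture whose parent and child names contain markup, render, and assert that none of the raw names survive in the output.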