-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Un escaping the HTML for the retired answer concepts #100
base: master
Are you sure you want to change the base?
Conversation
Can you include the ticket id in your commit message as advised at? https://wiki.openmrs.org/display/docs/Pull+Request+Tips |
ok let me do that |
Are you still working on this? |
samwel , as far as i understood the ticket, i dont see any more work to be done ...the retired answer concepts no longer show html code..i just un-escaped the html genarated from the server side |
if u look at the last image i attached ..i seem to have solved the problem.. unless there are any other comments from u but i think i finished this .. |
Did you see @dkayiwa 's comments? |
you mean including the ticket id in my commit messages? yes i did that |
i did that a49cc47 |
@@ -498,7 +498,7 @@ | |||
<tr> | |||
<td valign="top"> | |||
<select class="largeWidth" size="6" id="answerNames" multiple="multiple" onKeyUp="listKeyPress('answerNames', 'answerIds', ' ', event)"> | |||
<c:forEach items="${command.conceptAnswers}" var="answer"> | |||
<c:forEach items="${command.conceptAnswers}" var="answer" > |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry , that was un intended
@@ -9,4 +9,4 @@ legacyui.manageuser.noProviderIdentifier=No Identifier Specified | |||
|
|||
${project.parent.artifactId}.Location.purgeLocation=Permanently Delete Location | |||
${project.parent.artifactId}.Location.confirmDelete=Are you sure you want to delete this Location? It will be permanently removed from the system. | |||
${project.parent.artifactId}.Location.purgedSuccessfully=Location deleted successfully |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that was un intended , i cant even figure out the change (:
i removed the unnecesary changes |
@mozzy11 Is there another approach we can take here rather than just not escaping XML, since this makes XSS attacks possible through the concept name field? |
https://issues.openmrs.org/browse/LUI-48