Diff view does not escape HTML entities (BB-3344)

Issue #3460 resolved
Arthur McBain
created an issue

HTML entities present in code/source shown in the diff view does not escape HTML entities. They are presented as-is. It may be possible for other HTML constructs to pass by as-is also.

Example: https://bitbucket.org/AMcBain/hexxagon/changeset/e28c6de14d47

This is in contrast to the source code view, which does properly escape such entities.

Example: https://bitbucket.org/AMcBain/hexxagon/src/e28c6de14d47/scripts/model.js#cl-113

Comments (5)

  1. Log in to comment