Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Addon Summary Field Does Not Bleach HTML #15254

Open
1 of 3 tasks
chrstinalin opened this issue Dec 18, 2024 · 0 comments
Open
1 of 3 tasks

[Bug]: Addon Summary Field Does Not Bleach HTML #15254

chrstinalin opened this issue Dec 18, 2024 · 0 comments
Labels
needs:info repository:addons-server Issue relating to addons-server

Comments

@chrstinalin
Copy link

chrstinalin commented Dec 18, 2024

What happened?

While investigating #15145, I noticed that the summary field still rendered some HTML despite (seemingly) not expecting it in the backend.

image
image

I found that mozilla/addons-server#22563 changed the summary field on Addon from a LinkifiedField to NoURLsField. LinkifiedField inherits from PurifiedTranslation (which bleaches HTML), but NoURLsField directly inherits from Translation.

The FE does clean the code before rendering, so there's no immediate issues, but it does seem like an inadvertent change.

What did you expect to happen?

  • addons-server cleans the HTML as it does pre-#22563
  • ORaddons-frontend no longer renders the HTML passed to it for the summary

Is there an existing issue for this?

  • I have searched the existing issues

┆Issue is synchronized with this Jira Task

@chrstinalin chrstinalin added needs:info repository:addons-server Issue relating to addons-server labels Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs:info repository:addons-server Issue relating to addons-server
Projects
None yet
Development

No branches or pull requests

1 participant