Updated by Jens Ulferts over 9 years ago
**Reproduction**
- Have a user with html tags in the name (e.g. `<h1>yep</h1>`)
- Go to watchers tab of a work package
- Insert parts of the name until the user is provided as an option to select
**Actual**
- The html in the name is executed
**Expected**
- The html is escaped
**Note**
- This bug exists also for relations (with work packages)
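
The expected behaviour from this report, sketched as an added example (not OpenProject code): the option label is built from the raw name, with every piece escaped before it reaches the markup. The function names, the `option` class and the highlighting of the typed part are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the OpenProject code base.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The behaviour described under "Actual": the name is concatenated into markup as-is.
function renderOptionUnsafe(name) {
  return '<li class="option">' + name + '</li>';
}

// Case-insensitive search that returns an index into the raw string.
function findMatch(raw, query) {
  const needle = query.toLowerCase();
  for (let i = 0; i + query.length <= raw.length; i++) {
    if (raw.slice(i, i + query.length).toLowerCase() === needle) return i;
  }
  return -1;
}

// The behaviour described under "Expected". The match is located in the raw
// name and each piece is escaped separately, so typing "lt" never matches
// inside an entity such as "&lt;" and the only markup emitted is our own.
function renderOption(name, query) {
  const raw = String(name);
  const q = String(query || '');
  const idx = q ? findMatch(raw, q) : -1;
  if (idx === -1) {
    return '<li class="option">' + escapeHtml(raw) + '</li>';
  }
  const before = raw.slice(0, idx);
  const match = raw.slice(idx, idx + q.length);
  const after = raw.slice(idx + q.length);
  return '<li class="option">' + escapeHtml(before) +
    '<strong>' + escapeHtml(match) + '</strong>' + escapeHtml(after) + '</li>';
}

// Constructed sample input, using the name from the reproduction steps.
const sampleName = '<h1>yep</h1>';
console.log(renderOptionUnsafe(sampleName)); // tags reach the page as markup
console.log(renderOption(sampleName, 'ye')); // tags are shown as text
```

The same rendering path would apply to any autocompleter that shows user-controlled text, such as the relations one mentioned in the note.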

