-
Bug
-
Resolution: Outdated
-
Neutral
-
None
-
6.2.8
-
None
-
None
Lots of labels displayed with message boxes contain HTML. This HTML is shown and not interpreted. We should allow some HTML characters for simply formatting but sanitize anything that could be used to exploit the system (see MAGNOLIA-6728).
Reproduce
- Open the configuration app
- Try to delete a module
In the contacts app try and change a picture
Notes
See also MGNLUI-6188
Acceptance criteria
- is duplicated by
-
MGNLUI-6188 Asset upload field in legacy apps: showing encoded html
- Closed