Skip to content

Don't overescape tab links #23205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 14, 2022
Merged

Don't overescape tab links #23205

merged 1 commit into from
Apr 14, 2022

Conversation

braders
Copy link
Contributor

@braders braders commented Apr 14, 2022

Overview

Don't overescape tab links, ensure tabs work when escape-on-output is enabled.

Before

Tabs failed to load. E.g.:

  • Contact page
  • Manage event page

After

Tabs load

Technical Details

This does not affect Drupal due to the difference in URL structure between environments, and the short-circuits already in place to make escape-on-output work.

Comments

Possibly there should be an escape method for URLs - something like esc_url in WordPress. The risk of leaving these unescaped seems low though, and is no worse than the status quo (i.e. without escape-on-output).

@civibot
Copy link

civibot bot commented Apr 14, 2022

(Standard links)

@civibot civibot bot added the master label Apr 14, 2022
@eileenmcnaughton
Copy link
Contributor

I agree the risk is low

In general escaping if for when the variable comes from user input & where the php layer constructs the variable it should not be needed (assuming we don't stuff anything up....)

@eileenmcnaughton eileenmcnaughton merged commit d7314c6 into civicrm:master Apr 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
master merge on pass
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@braders @eileenmcnaughton