ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

HTML-escaped URLs in JavaScript (Bug #374)

Added by Gregor Schmidt at 2011-05-04 05:25 pm. Updated at 2011-05-05 07:01 pm.

Status:Closed Start date:2011-05-04
Priority:Normal Due date:
Assignee:- % Done:


Target version:1.4.0
Remote issue URL: Affected version:1.3.0


In app/views/issues/_form.rhtml:12 and app/views/issue_relations/_form.rhtml there are javascript calls, containing HTML escaped URL. These leads to Ajax requests containing & in the URL, such that some query parameters may be hidden.

Associated revisions

Revision 6408cddc
Added by Gregor Schmidt at 2011-05-04 07:28 pm

[#374] Not escaping URLs since they are used in a safe CDATA section, where no entity encoding is needed.

Revision 6fa5eb89
Added by Felix Schäfer at 2011-05-05 09:00 pm

Merge pull request #47 from schmidt/b/374-url-escaping-in-js-calls

Don't HTML-escaped URLs before passing them to the JavaScript helper. #374


Updated by Gregor Schmidt at 2011-05-04 05:33 pm

  • Assignee deleted (Gregor Schmidt)
  • Status changed from Open to Ready for review

Updated by Felix Schäfer at 2011-05-05 07:01 pm

Merged in 6fa5eb8. Thanks!

  • Status changed from Ready for review to Closed

Also available in: Atom PDF