URL: https://webcompat.com/issues/29411
Browser / Version: Firefox 68.0
Operating System: Mac OS X 10.14
Tested Another Browser: No
Problem type: Something else
Description: This webcompat form doesn't escape HTML
Steps to Reproduce:
The form doesn't make it clear it expects markdown. I assumed it's plain text, and pasted in an HTML snippet as part of my report. The HTML was lost, so you've got an incomplete report.
The form should change < to < instead of stripping HTML.
Browser Configuration
- mixed active content blocked: false
- image.mem.shared: true
- buildID: 20190407093653
- tracking content blocked: false
- gfx.webrender.blob-images: true
- hasTouchScreen: false
- mixed passive content blocked: false
- gfx.webrender.enabled: true
- gfx.webrender.all: false
- channel: nightly
Console Messages:
[u'[JavaScript Error: "Content Security Policy: The pages settings blocked the loading of a resource at eval (script-src)."]', u'[JavaScript Error: "Content Security Policy: The pages settings blocked the loading of a resource at inline (script-src)." {file: "https://webcompat.com/issues/29411" line: 1}]', u'[JavaScript Warning: "Request to access cookie or storage on https://www.google-analytics.com/analytics.js was blocked because it came from a tracker and content blocking is enabled." {file: "https://webcompat.com/issues/29411" line: 0}]']
From webcompat.com with ❤️
URL: https://webcompat.com/issues/29411
Browser / Version: Firefox 68.0
Operating System: Mac OS X 10.14
Tested Another Browser: No
Problem type: Something else
Description: This webcompat form doesn't escape HTML
Steps to Reproduce:
The form doesn't make it clear it expects markdown. I assumed it's plain text, and pasted in an HTML snippet as part of my report. The HTML was lost, so you've got an incomplete report.
The form should change
<to<instead of stripping HTML.Browser Configuration
Console Messages:
[u'[JavaScript Error: "Content Security Policy: The pages settings blocked the loading of a resource at eval (script-src)."]', u'[JavaScript Error: "Content Security Policy: The pages settings blocked the loading of a resource at inline (script-src)." {file: "https://webcompat.com/issues/29411" line: 1}]', u'[JavaScript Warning: "Request to access cookie or storage on https://www.google-analytics.com/analytics.js was blocked because it came from a tracker and content blocking is enabled." {file: "https://webcompat.com/issues/29411" line: 0}]']From webcompat.com with ❤️