R1:02e8a322dc58
R1:02e8a322dc58
Defuse XSS in Calendar
Summary: `addDetail()` takes HTML because we have links there fairly often. :/ This design is iffy.
Test Plan: Reloaded `/calendar/status/`, verified no XSS.
Reviewers: btrahan, vrana
Reviewed By: vrana
CC: aran
Maniphest Tasks: T139
Differential Revision: https://secure.phabricator.com/D4074
Summary: `addDetail()` takes HTML because we have links there fairly often. :/ This design is iffy.
Test Plan: Reloaded `/calendar/status/`, verified no XSS.
Reviewers: btrahan, vrana
Reviewed By: vrana
CC: aran
Maniphest Tasks: T139
Differential Revision: https://secure.phabricator.com/D4074
Repository: R1 hydra
Commit Date: Dec 3 2012