HTML not escaped in ticket descriptions
HTML tags are not escaped in ticket comments.
#1 Updated by Rocco Stanzione over 9 years ago
I think this is a have-your-cake-and-eat-it-too scenario. Issue descriptions are textilized so they can be formatted, and part of that is accepting HTML as-is. You should probably put any HTML in the descriptions (that you don't want interpreted by browsers) into a tag.
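One way to keep lightweight formatting while neutralising raw HTML is to escape the description first and apply the markup rules afterwards. The following is an added example, not the tracker's own code or part of the original thread: a hypothetical two-rule formatter (`*bold*`, `_italic_`) stands in for the Textile renderer, and the sample description is constructed.

```ruby
require 'erb'

# Hypothetical stand-in for a Textile renderer: only *bold* and _italic_.
INLINE_RULES = [
  [/\*(\S(?:.*?\S)?)\*/,             '<strong>\1</strong>'],
  [/(?<!\w)_(\S(?:.*?\S)?)_(?!\w)/,  '<em>\1</em>']
].freeze

def apply_inline(text)
  INLINE_RULES.reduce(text) { |out, (pattern, repl)| out.gsub(pattern, repl) }
end

# Behaviour described in the ticket: formatting is applied and any HTML
# typed by the user is passed to the browser unchanged.
def render_raw(description)
  apply_inline(description)
end

# Hardened order: HTML-escape the untrusted text, then apply formatting.
# The markup characters (* and _) survive escaping, so formatting still
# works, while user-supplied tags arrive as inert text.
def render_escaped(description)
  apply_inline(ERB::Util.html_escape(description))
end

# Constructed sample description mixing markup with a raw tag.
SAMPLE = 'Fix *urgent* <script>alert(1)</script> in _login_ form'

if __FILE__ == $PROGRAM_NAME
  puts "raw:     #{render_raw(SAMPLE)}"
  puts "escaped: #{render_escaped(SAMPLE)}"
end
```

The only tags in the escaped output are the ones the formatter itself emits; everything the user typed between `<` and `>` is rendered as visible text.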