I would suggest that we disallow such tags in entity names like projects, tags, users, etc.  We should probably limit the names to include standard printable characters like alpha, digits, underscore, dash, dot, etc.

We should allow spaces, but disallow "some[space][space]x", i.e. replace N spaces with a single space, and trim left/right.

The question is what to do with the existing entities that may violate such rules.  We could handle them as part of the upgrader, or just sanitize at print time and use some new string_display method.



On Thu, Oct 31, 2013 at 4:27 PM, Roland Becker <roland@atrol.de> wrote:
The behavior is quite confusing for users.

There are two "admincheck" tags
http://www.mantisbt.org/bugs/manage_tags_page.php?filter=ALL

and filtering by starting character will not display the bold one
http://www.mantisbt.org/bugs/manage_tags_page.php?filter=A

> Damien Regad <dregad@mantisbt.org> wrote on 1 November 2013 at 00:19:
>
>
> I noticed some bold chars in history of #10949 [1], so I checked out the
> tag's definition [2] and noticed it contains <b> tags which are rendered
> by Mantis through call to string_display_line() [3].
>
> I was just wondering whether this was a bug, or was it by design?
> (Note: at least <script> tags are not rendered so no XSS ;-) )
>
> D
>
> [1] http://www.mantisbt.org/bugs/view.php?id=10949#history
> [2] http://www.mantisbt.org/bugs/tag_view_page.php?tag_id=135
> [3] https://github.com/dregad/mantisbt/blob/master/core/tag_api.php#L723
>
>
> _______________________________________________
> mantisbt-dev mailing list
> mantisbt-dev@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

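
The naming rule proposed at the top of this message, sketched in PHP as an added example; it is not MantisBT code and not written by anyone in this thread. The function names and the exact character whitelist are assumptions, and the sample names are constructed. It contrasts the two options raised for existing entities: an upgrade-time audit and encoding at print time.

```php
<?php
// Added example. All function names here are hypothetical, not MantisBT's API.

// Assumed whitelist: ASCII letters, digits, underscore, dash and dot,
// with single spaces allowed only between words.
const ENTITY_NAME_PATTERN = '/\A[A-Za-z0-9_.-]+(?: [A-Za-z0-9_.-]+)*\z/';

// Collapse every run of whitespace to one space, then trim both ends.
function entity_name_normalize(string $name): string {
    return trim(preg_replace('/\s+/', ' ', $name));
}

// True when an already normalized name uses only whitelisted characters.
function entity_name_is_valid(string $name): bool {
    return preg_match(ENTITY_NAME_PATTERN, $name) === 1;
}

// Upgrader-style pass: report what each stored name would become and
// whether it would still violate the rule after normalization.
function entity_name_audit(array $names): array {
    $report = [];
    foreach ($names as $name) {
        $normalized = entity_name_normalize($name);
        $report[] = [
            'original'   => $name,
            'normalized' => $normalized,
            'valid'      => entity_name_is_valid($normalized),
        ];
    }
    return $report;
}

// Print-time alternative: HTML-encode the name so stored markup is
// displayed as literal text instead of being rendered.
function entity_name_display(string $name): string {
    return htmlspecialchars(entity_name_normalize($name), ENT_QUOTES, 'UTF-8');
}

// Constructed sample names, one carrying <b> markup like the tag in the thread.
$legacy = ['admincheck', '<b>admincheck</b>', '  some  x ', 'release-1.2_rc'];
foreach (entity_name_audit($legacy) as $row) {
    printf("%-24s valid=%-3s display=%s\n",
        json_encode($row['original']),
        $row['valid'] ? 'yes' : 'no',
        entity_name_display($row['original']));
}
```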