Creating a new pane with the title 'Hosting Terms & Conditions' results in a pane titled 'Hosting Terms & Conditions'. I would expect it to escape HTML tags, but not entities in the pane titles.

Comments

pcambra’s picture

pcambra
he/him
Primary language Spanish
Location Asturies
CreditAttribution: pcambra commented
Status: Active » Postponed (maintainer needs more info)

'Hosting Terms & Conditions' results in a pane titled 'Hosting Terms & Conditions'

uh?

stewart.adam’s picture

stewart.adam CreditAttribution: stewart.adam commented
Status: Postponed (maintainer needs more info) » Active

Oops, sorry - should have previewed before submitting... My HTML entity was automatically converted!

It shows 'Hosting Terms & Conditions'.

pcambra’s picture

pcambra
he/him
Primary language Spanish
Location Asturies
CreditAttribution: pcambra commented

Probably coming from this http://drupalcode.org/project/commerce_extra_panes.git/commitdiff/d59fed...

sirtet’s picture

sirtet
Primary language German
Location Switzerland
CreditAttribution: sirtet commented

Same Problem for me...

@pcambra:
So, do you confirm this is a bug?

I'm not coder enough to see what to change, i just see it's a commit not by you, but committed by you.
It's about XSS in node title, but node-titles can show entities correct, so i guess it's not correctly displayed here?