Shahar Havivi has submitted this change and it was merged. Change subject: ui: remove Escape characters for TextBoxLabel ...................................................................... ui: remove Escape characters for TextBoxLabel The reason that we use: SafeHtmlUtils.htmlEscape(renderedText); is to prevent javascript code injection such as <script> etc. Its looks like the control is already safe rendering (tested with <script>, <b> and <h1>). without removing this line its render <>,. as theyer escaped value. Change-Id: I2e303decb9395fcf193e874b4ae55ab076ec0bba Bug-Url: https://bugzilla.redhat.com/1113499 Signed-off-by: Shahar Havivi <shaharh@redhat.com> --- M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/label/TextBoxLabel.java 1 file changed, 2 insertions(+), 11 deletions(-) Approvals: Tomas Jelinek: Looks good to me, approved Shahar Havivi: Verified; Looks good to me, approved Vojtech Szocs: Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/29292 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2e303decb9395fcf193e874b4ae55ab076ec0bba Gerrit-PatchSet: 4 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Shahar Havivi <shavivi@redhat.com> Gerrit-Reviewer: Alexander Wels <awels@redhat.com> Gerrit-Reviewer: Omer Frenkel <ofrenkel@redhat.com> Gerrit-Reviewer: Shahar Havivi <shavivi@redhat.com> Gerrit-Reviewer: Tomas Jelinek <tjelinek@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vszocs@redhat.com> Gerrit-Reviewer: automation@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server