The @ and % placeholders are generally better to use than ! unless you really need to use ! and have done your own text filtering.

This patch does that change. I don't see a way to abuse this for XSS given that the section comes from a hard-coded list so I'm posting it publicly.

CommentFileSizeAuthor
#1 1351024_swap_t_placeholders.patch582 bytesgreggles

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Status: Active » Needs review
StatusFileSize
new 1351024_swap_t_placeholders.patch582 bytes
simon georges’s picture

simon georges commented
Status: Needs review » Reviewed & tested by the community

Patch applies cleanly and works.

simon georges’s picture

simon georges commented
Status: Reviewed & tested by the community » Fixed

Committed, thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.