...
In the example above, a rectangle has been added around the issue with HTML tags.
Security
It's important to sanitize user-supplied text to avoid script injection (XSS attacks!). The built-in function escape() does the job: issue summaries, descriptions, comments, etc. may contain malicious code.
```sql
SELECT
  '<script>alert("XSS attack!")</script>'
FROM DUAL
```

```sql
SELECT
  ESCAPE('<script>alert("XSS attack!")</script>') AS "Escaped code"
FROM DUAL
```

| Escaped code |
|---|
| `<script>alert("XSS attack!")</script>` |
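The following Python snippet is an added example, not code from the page or from the plugin: it models what an HTML-entity escape such as ESCAPE() has to do with user-controlled issue fields before they are rendered, and adds the check a reviewer would want, namely that no raw tag survives in the escaped output. It assumes ESCAPE() behaves like standard entity escaping (`<`, `>`, `&`, `"`, `'` become entities, so a browser displays `&lt;script&gt;` as the literal text shown in the result table above); the field values are constructed samples, and `escape_field`, `render_row`, `contains_unescaped_tag` and `verify_row_is_inert` are names chosen here.

```python
import html
import re

# Constructed sample values standing in for user-controlled Jira fields
# (summary, description, comment); not real issue data.
SAMPLE_FIELDS = {
    "summary": '<script>alert("XSS attack!")</script>',
    "description": 'Click <a href="javascript:alert(1)">here</a> to reproduce',
    "comment": "Plain text with no markup & an ampersand",
}

# Matches the start of any HTML tag: '<', optional '/', then a letter.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def escape_field(text: str) -> str:
    """HTML-entity-escape one field value.

    Assumed to match what the plugin's ESCAPE() does: <, >, &, " and '
    are replaced by entities, so the browser shows them as text, never
    as markup. Apply it exactly once, at output time; escaping twice
    turns '<' into '&amp;lt;' and corrupts the display.
    """
    return html.escape(text, quote=True)


def contains_unescaped_tag(value: str) -> bool:
    """True if the value still contains a raw '<tag' sequence."""
    return TAG_RE.search(value) is not None


def verify_row_is_inert(fields: dict) -> bool:
    """Check that every escaped field is free of raw tags."""
    return all(not contains_unescaped_tag(escape_field(v)) for v in fields.values())


def render_row(fields: dict) -> str:
    """Build one HTML table row; the only tags in it are the <tr>/<td>
    wrappers emitted here, never anything from the field values."""
    if not verify_row_is_inert(fields):
        raise ValueError("escaping failed; refusing to render")
    cells = "".join(f"<td>{escape_field(v)}</td>" for v in fields.values())
    return f"<tr>{cells}</tr>"


if __name__ == "__main__":
    for name, value in SAMPLE_FIELDS.items():
        print(f"{name}: raw tag present={contains_unescaped_tag(value)} "
              f"after escape={contains_unescaped_tag(escape_field(value))}")
    print(render_row(SAMPLE_FIELDS))
```

The check is deliberately run on each escaped value rather than on the finished row, because the row legitimately contains the `<tr>` and `<td>` tags the renderer emits itself; the invariant is that nothing from the user's text can add a tag of its own.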
Built-in Field functions
In the example
There is a bunch of built-in functions that help to get those extra columns dynamically. All of them can be listed by querying the ISSUEFIELDDEFINITIONS table
...