...

It is strongly recommended that trusted users sanitize the Jira users' texts displayed on the app, like summaries, descriptions, comments, user properties, etc., by using the built-in functions to transform the original text into strings that can be displayed safely on an HTML page in your browser:

  • escape() : simply escapes the text, so you will see the original content (any HTML markup in it is shown literally rather than rendered).
  • htmltext() : extracts the text from HTML, e.g. "<p>Hello, World</p>" is transformed into the string "Hello, World".
  • wikiHtml() : renders wiki markup as HTML.

For example:

select key(issue) as "Issue", htmltext(summary(issue)) as "Summary" from JQL where query = ' reporter = currentUser() '
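The following is an added example and not the app's own code: two small JavaScript helpers that mirror the purpose of the page's escape() and htmltext() functions, plus a renderRow() helper (an assumed name) that builds a table row like the one the query above would produce. The point it demonstrates is the order of operations: text extracted from HTML is plain text, so it is escaped again at the moment it is placed into the page, which keeps tags typed into a summary from being interpreted by the browser. The sample summary is constructed for the example.

```javascript
// Added example (not the app's own code). Plain-JavaScript counterparts of the
// page's escape() and htmltext() functions, used to render one result row.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five HTML-significant characters so user text is shown literally.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

const ENTITY_DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&nbsp;': ' ' };

// Extract the text from rendered HTML: drop tags, decode the common entities,
// collapse whitespace. This is regex based and only meant for the simple,
// well-formed markup a renderer produces; arbitrary HTML needs a real parser.
function htmlText(html) {
  const noTags = String(html).replace(/<[^>]*>/g, '');
  const decoded = noTags.replace(/&(amp|lt|gt|quot|#39|nbsp);/g, (m) => ENTITY_DECODE[m]);
  return decoded.replace(/\s+/g, ' ').trim();
}

// Build one table row for an issue key and its summary (hypothetical helper).
// The summary is reduced to text first, and both cells are escaped right
// before they are placed into HTML, so markup in the original text is shown
// as characters instead of being interpreted by the browser.
function renderRow(issueKey, summaryHtml) {
  const summaryText = htmlText(summaryHtml);
  return `<tr><td>${escapeHtml(issueKey)}</td><td>${escapeHtml(summaryText)}</td></tr>`;
}

// Constructed sample: a summary as a user could have entered it, with markup
// and an encoded tag that becomes a literal "<script>" once decoded to text.
const SAMPLE_SUMMARY = '<p>Cannot save &amp; reload, see <b>"notes"</b> &lt;script&gt;</p>';

console.log(htmlText(SAMPLE_SUMMARY));
console.log(renderRow('DEMO-1', SAMPLE_SUMMARY));
```

Note that htmlText() on its own is not enough for display: decoding "&lt;script&gt;" yields a literal "<script>" string, which is exactly why renderRow() escapes the extracted text again before inserting it.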

...