id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,launchpad_bug
3609,Manual quoting/escaping is scattered ad hoc throughout the web code,exarkun,,"Consider https://github.com/tahoe-lafs/tahoe-lafs/blob/master/src/allmydata/web/check_results.py#L435 It is a testament to someone's diligence that the name is being quoted using `html.escape` here. However, relying on diligence for every such occurrence is an unreliable strategy for producing correct, *safe* html output. These cases should be handled automatically, systematically, and probably centrally in some part of the html generation library (twisted.web.template or our layer on top of it). ",defect,new,normal,undecided,code-frontend-web,n/a,,wui,,