id summary reporter owner description type status priority milestone component version resolution keywords cc launchpad_bug
3609 Manual quoting/escaping is scattered ad hoc throughout the web code exarkun "Consider https://github.com/tahoe-lafs/tahoe-lafs/blob/master/src/allmydata/web/check_results.py#L435

It is a testament to someone's diligence that the name is being quoted using `html.escape` here. However, relying on diligence for every such occurrence is an unreliable strategy for producing correct, *safe* html output.

These cases should be handled automatically, systematically, and probably centrally in some part of the html generation library (twisted.web.template or our layer on top of it)." defect new normal undecided code-frontend-web n/a wui
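
The contrast the ticket describes, as an added example that is not taken from the ticket, from Tahoe-LAFS, or from twisted.web.template: a stdlib-only stand-in for a template layer that escapes every plain string at serialization time, next to an ad hoc call site that forgets one `html.escape`. The names `Element`, `Raw`, `render`, `manual_row`, `central_row` and the sample values are assumptions made for illustration.

```python
# Added illustration; not Tahoe-LAFS or twisted.web.template code.
# Element, Raw, render and the row helpers are hypothetical names.
import html


class Raw(str):
    """Markup that was already vetted; the only way to bypass escaping."""


class Element:
    def __init__(self, name, *children, **attrs):
        self.name, self.children, self.attrs = name, children, attrs


def render(node):
    """Serialize a node tree, escaping every plain string on the way out."""
    if isinstance(node, Raw):
        return str(node)
    if isinstance(node, Element):
        attrs = "".join(
            ' {}="{}"'.format(key, html.escape(str(value), quote=True))
            for key, value in node.attrs.items()
        )
        body = "".join(render(child) for child in node.children)
        return "<{0}{1}>{2}</{0}>".format(node.name, attrs, body)
    if isinstance(node, (list, tuple)):
        return "".join(render(item) for item in node)
    # Anything else is untrusted text: escaped here, once, for all callers.
    return html.escape(str(node), quote=False)


def manual_row(name, summary):
    # Ad hoc style: the author remembered `name` but forgot `summary`.
    return "<li>" + html.escape(name) + ": " + summary + "</li>"


def central_row(name, summary):
    # Call sites pass raw values; there is nothing to remember.
    return render(Element("li", Element("b", name, title=name), ": ", summary))


# Constructed sample input standing in for user-influenced values.
NAME = 'dir"<b>'
SUMMARY = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(manual_row(NAME, SUMMARY))   # summary reaches the page unescaped
    print(central_row(NAME, SUMMARY))  # every string escaped for its context
```

With the central renderer, opting out of escaping requires an explicit `Raw(...)` wrapper, so the unsafe path is what shows up in review instead of the safe one.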