= bug description =
pkgdb and perhaps other apps need access to the user's human name, username, and other data from javascript. python-fedora provides those pieces of information in a javascript script block via a standard template. That template did not account for special characters like &, \, and " in the human name. Those characters could cause errors in the javascript processing the page.
= fix recommendation =
After some work at escaping the strings in a way that wouldn't lead to double escaping by genshi we finally created the following patch to python-fedora upstream: https://github.com/fedora-infra/python-fedora/pull/87
This hotfix has been added in puppet to the hotfix::python-fedora-turbogears module. It is applied to all appRhel and fas boxes.
The hotfix is incomplete: https://github.com/fedora-infra/python-fedora/pull/87#issuecomment-41775379
Further fix applied in infra. Needs upstream review of the pull request: https://github.com/fedora-infra/python-fedora/pull/88
Pushed out in python-fedora-0.3.34 packages.
Login to comment on this ticket.