# HG changeset patch
# User Marcin Kuzminski
# Date 2020-05-25 07:40:45
# Node ID b34cd89044420bd5f1e8771d6ab0e2347ba4087a
# Parent 8799f40280bd401ded034af30f12dc24b1b75da3
issue-tracker: fixed XSS in the newly generated description fields.
diff --git a/rhodecode/lib/helpers.py b/rhodecode/lib/helpers.py
--- a/rhodecode/lib/helpers.py
+++ b/rhodecode/lib/helpers.py
@@ -1492,7 +1492,7 @@ def _process_url_func(match_obj, repo_na
 'id-repr': issue_id,
 'issue-prefix': entry['pref'],
 'serv': entry['url'],
- 'title': desc,
+ 'title': bleach.clean(desc, strip=True),
 'hovercard_url': hovercard_url
 }
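Review bot: `bleach.clean(desc, strip=True)` on the `'title'` entry sanitizes for HTML element content only; bleach's documentation says its output is not meant for attribute values, and the default allow-list still passes tags such as `<a>` and `<b>` through. If this dict is later interpolated into a `title="..."` attribute (inferred from the key name, since the template is outside the hunk), quote characters in the description need encoding too. An attribute-safe escaper would cover that, for example `'title': markupsafe.escape(desc),` if markupsafe is available, or the project's own HTML-escape helper. It is also worth confirming that `bleach` is imported in helpers.py, because no import line appears in this diff, and adding a comment such as `# desc is user-controlled; escaped for the context the link template renders it in`. `_process_url_func` starts and ends outside the hunk.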