to properly HTML filter data that has been passed into the template.
This means that if the data can possibly contain special HTML characters
such as <, and the data was not intended to be HTML, they need to be
- converted to entity form, ie &lt;. You use the 'html' filter in the
+ converted to entity form, i.e. &lt;. You use the 'html' filter in the
Template Toolkit to do this. If you forget, you may open up
your installation to cross-site scripting attacks.
</para>
Also note that Bugzilla adds a few filters of its own, that are not
in standard Template Toolkit. In particular, the 'url_quote' filter
can convert characters that are illegal or have special meaning in URLs,
- such as &, to the encoded form, ie %26. This actually encodes most
+ such as &, to the encoded form, i.e. %26. This actually encodes most
characters (but not the common ones such as letters and numbers and so
on), including the HTML-special characters, so there's never a need to
HTML filter afterwards.
regularly updated at intervals from the main database.
</para>
<para>
- MySQL has some synchronization features builtin to the
+ MySQL has some synchronization features built-in to the
latest releases. It would be great if someone looked into
the possibilities there and provided a report to the
newsgroup on how to effectively synchronize two Bugzilla
projects / thirdparty / bugzilla.git / commitdiff
