Skip to content

Follow-up from "Enhance Security Configuration Error Handling introducing Userfacing error utils"

The following discussion from !112193 (merged) should be addressed:

  • @djadmin started a discussion:

    Suggestion: The HTML content in error messages do not generally do well, and have caused certain security bugs before. My suggestion would be to create a SafeHtml configuration which allows only anchor tags? This can be considered in a follow-up, WDYT?