Project name that contains double-quote is not properly escaped on Issue Navigator page

Type atlassian
Reporter sereda
Modified 2019-03-27T23:52:46


If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like:

<select name="pid" ....> <option title="14" monitors" value="10000" >14" monitors</option>

This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title is displayed incorrectly.

I can only imagine what would happen if a project contained the following characters: "></html> :)