id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
3609	Manual quoting/escaping is scattered ad hoc throughout the web code	exarkun		"Consider https://github.com/tahoe-lafs/tahoe-lafs/blob/master/src/allmydata/web/check_results.py#L435

It is a testament to someone's diligence that the name is being quoted using `html.escape` here.  However, relying on diligence for every such occurrence is an unreliable strategy for producing correct, *safe* HTML output.

These cases should be handled automatically, systematically, and probably centrally in some part of the HTML generation library (twisted.web.template or our layer on top of it).
"	defect	new	normal	undecided	code-frontend-web	n/a		wui		
