cubicweb #1698245 Convert __message to _cwmsgid to increase security [resolved]

Using _cwmsgid, with the message stored in the session, can prevent users from inserting unwanted text in a cubicweb site by using the __message variable.

This ticket is the first step toward removing the use of __message: convert it to _cwmsgid in build_url.

(Next step: ignore the variable when sent through GET or POST: http://www.cubicweb.org/ticket/1698261)

priority: normal
type: enhancement
done in: 3.13.0
load: 0.500
load left: 0.000
closed by: #cab99ccdb774 [ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245
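
The mechanism the ticket describes, as an added sketch that is not CubicWeb's own code: the `Session` class, `render_message` and this `build_url` signature are hypothetical, and only the `__message` and `_cwmsgid` parameter names come from the ticket. Escaping the stored text on output is an extra defensive choice made by the example.

```python
import secrets
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit


class Session:
    """Hypothetical server-side session holding pending UI messages."""

    def __init__(self):
        self._messages = {}

    def store_message(self, text):
        msgid = secrets.token_hex(16)  # unguessable id, carries no content
        self._messages[msgid] = text
        return msgid

    def pop_message(self, msgid):
        # One-shot lookup: a replayed or forged id yields nothing.
        return self._messages.pop(msgid, None)


def build_url(session, path, **params):
    """Convert a __message argument into a _cwmsgid reference."""
    message = params.pop("__message", None)
    if message is not None:
        # The text stays on the server; only the id travels in the URL.
        params["_cwmsgid"] = session.store_message(message)
    return path + ("?" + urlencode(params) if params else "")


def render_message(session, url):
    """Return the HTML for the pending message, or '' if there is none."""
    form = parse_qs(urlsplit(url).query)
    # A __message value supplied in the request is never read
    # (the follow-up step named in the ticket).
    msgid = form.get("_cwmsgid", [None])[0]
    text = session.pop_message(msgid) if msgid else None
    if text is None:
        return ""
    return '<div class="message">%s</div>' % escape(text)


if __name__ == "__main__":
    session = Session()
    url = build_url(session, "/view", __message="entity created")  # constructed input
    print(url)
    print(render_message(session, url))
```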