Code review comment for lp:~wallyworld/launchpad/delete-bugtask-ui-878909

37 + @property
38 + def confirmation_message(self):
39 + return ('<p>You are about to mark bug %s<br>'
40 + 'as no longer affecting %s.</p>'
41 + '<p>This operation will be permanent and cannot be '
42 + 'undone.</p>'
43 + % (self.context.bug.title,
44 + self.context.target.bugtargetdisplayname))

As Curtis says, this is a security hole. Why is this not done in the template? Also, the operation is not permanent -- it can be undone, by readding the task.