Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unescaped Quote Causing JavaScript Error #5595

Closed
1 task done
Jon-Corey opened this issue Sep 12, 2023 · 0 comments
Closed
1 task done

Unescaped Quote Causing JavaScript Error #5595

Jon-Corey opened this issue Sep 12, 2023 · 0 comments
Labels
Fixed in v16.1

Comments

@Jon-Corey
Copy link
Contributor

Please go through all the tasks below

  • Check this box only after you have successfully completed both the above tasks

Please provide a brief description of the problem. Please do not forget to attach the relevant screenshots from your side.

With the Fluid Lava Engine, when viewing a group that has a single quote in the name, a JavaScript error is thrown due to the single quote not being escaped properly.

Also, if a double quote is used in the group name, the Quick Return link includes a backslash (again, due to the quotes not being escaped properly).

This also affects other entities that can be added to the Quick Returns such as connection requests, people, dataviews, reports, etc.

UnescapedQuoteJavaScriptError

Expected Behavior

Quotes in the script that adds Quick Return links should be escaped properly to avoid various issues, including JavaScript errors.

Actual Behavior

Quotes in the script that adds Quick Return links are not escaped properly, which causes various issues, including JavaScript errors.

Steps to Reproduce

  1. Set your environment's Lava Engine Liquid Framework global variable to Fluid and restart Rock
  2. Go to the group viewer
  3. Select any group
  4. Edit the group's name to add a single quote (')
  5. Refresh the page
  6. Open the browser's console (Ctrl + Shift + i and then click on the "Console" tab)
  7. Notice the JavaScript error

Rock Version

15.1

Client Culture Setting

en-US
Jon-Corey added a commit to Jon-Corey/Rock that referenced this issue Sep 12, 2023
@Jon-Corey
- (Core) Fixed an issue with the AddQuickReturn lava filter where quo…
3a32a70 
…tes were not properly escaped (Fixes SparkDevNetwork#5595)
@Jon-Corey Jon-Corey mentioned this issue Sep 12, 2023
Closed
10 tasks
@sparkdevnetwork-service sparkdevnetwork-service added the Status: In Dev Queue This issue is being worked on, and has someone assigned. label Sep 14, 2023
MrUpsideDown pushed a commit that referenced this issue Sep 20, 2023
@Jon-Corey @MrUpsideDown
+ (Lava) Fixed an issue with the AddQuickReturn filter where quotes w…
7b13bec 
…ere not properly escaped. (Fixes #5595) (PR #5596)
@MrUpsideDown MrUpsideDown added Fixed in v16.1 and removed Status: In Dev Queue This issue is being worked on, and has someone assigned. labels Sep 20, 2023
@Jon-Corey Jon-Corey mentioned this issue Oct 6, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Fixed in v16.1
Projects
None yet
Milestone
No milestone
3 participants
@sparkdevnetwork-service @MrUpsideDown @Jon-Corey