this_will_be_replaced_by_sandstorm needs to be replaced even when escaped in JS strings

[kentonv]

http://ninjility.com/, which appears to be hosted on Sandstorm, has this blob at the top:

    <script type="text/javascript">
        window._wpemojiSettings = {"baseUrl":"http:\/\/s.w.org\/images\/core\/emoji\/72x72\/","ext":".png","source":{"concatemoji":"http:\/\/this_will_be_replaced_by_sandstorm:10000\/wp-includes\/js\/wp-emoji-release.min.js?ver=4.3.2-alpha"}};
        !function(a,b,c){function d(a){var c=b.createElement("canvas"),d=c.getContext&&c.getContext("2d");return d&&d.fillText?(d.textBaseline="top",d.font="600 32px Arial","flag"===a?(d.fillText(String.fromCharCode(55356,56812,55356,56807),0,0),c.toDataURL().length>3e3):(d.fillText(String.fromCharCode(55357,56835),0,0),0!==d.getImageData(16,16,1,1).data[0])):!1}function e(a){var c=b.createElement("script");c.src=a,c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f,g;c.supports={simple:d("simple"),flag:d("flag")},c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.simple&&c.supports.flag||(g=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",g,!1),a.addEventListener("load",g,!1)):(a.attachEvent("onload",g),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);
    </script>

As you can see there is a case of this_will_be_replaced_by_sandstorm that failed to be replaced in there, because the '/'s are for some reason escaped (who knew '/' was a valid escape sequence in Javascript?).

This actually leads to an error reported on the JS console when loading the site.

[mrdomino]

+1

[dwrensha]

Eek, I just noticed that this error shows up in the default configuration. That is, if I create a new WordPress grain, click "Rebuild Public Site", and then visit the site, I see the following error in my browser console:

Blocked loading mixed active content “http://this_will_be_replaced_by_sandstorm:10000/wp-includes/js/wp-emoji-release.min.js?ver=4.4.2”[Learn More]

[dwrensha]

The reason we see the strange-looking host this_will_be_replaced_by_sandstorm:10000 has do with our integration with Sandstorm's web publishing feature. When you click the "Rebuild Public Site" button, we run a recursive wget to locally grab the contents of your site and copy them into /var/www/. This relies on some configuration in /etc/hosts. The idea is that after grabbing the content, we can do a find-and-replace to convert these URLs to an appropriate form for external consumption. Unfortunately, the find-and-replace does not catch all cases.

[JamborJan]

Is there any chance that we get this bug solved? As far as I can see it has impact on other issues and possible solutions there, see issue #22. Thanks a lot!

Update: as far as I can see, my point is caused by this line in the mentioned recursive wget script. I guess the script should replace the url in any case no matter if it is a https or http link.

[xet7]

This issue was moved to sandstormports/wordpress-sandstorm#11