Many of the Scripts are not properly escaped #584
Comments
|
(In [[r:6fdea86bab22711d02940e6d4f0f92d6655cf4c8]]) Closes #584. Properly encode/escape scripts Branch: master |
|
Imported from Assembla: http://www.assembla.com/spaces/liftweb/tickets/584 |
ghost
assigned This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Many of the Widgets have improperly escaped script tags such as:
<script type="text/javascript" charset="utf-8">{ Unparsed("\nvar itemClick = " + (itemClick openOr JsRaw("function(param){}")).toJsCmd) ++ Unparsed("\nvar calendars = " + CalendarUtils.toJSON(calendars filter (c => c.start.after(cal) && c.start.before(lastCal))).toJsCmd) ++ Unparsed(""" jQuery(document).ready(function() { CalendarWeekView.buildWeekViewCalendars(); }) """) } </script>Note that if there are XML characters in any of the Strings they will either cause XML parsing problems or they will cause improperly generated JavaScript.
All JavaScript should look like:
Script(...)
or
Script(JsRaw(...))
In no event should we do Unparsed or manually create the <script> tags.
The text was updated successfully, but these errors were encountered: