I'm experiencing the following after applying the changes to remedy XSS found in commit 57f9ff7:
If viewing results in non-grid view, clicking on Info causes a "JSON error parsing response: [object Object]" error in the browser, and the web log has the following:
"
ERROR ... elsa/web/lib/View.pm (161) View::catch ...
... Invalid JSON args ...
'q' => '...b.a.s.e.6.4..b.a.s.e.6.4... ...b.a.s.e.6.4..b.a.s.e.6.4.....=='
... invalid character encountered while parsing JSON string, at character offset ...
... at /usr/local/elsa/web/lib/Controller.pm line 1914.
... at /usr/local/elsa/web/lib/Controller.pm line 1916
"
It's breaking at line 1910, within of Controller.pm:
$decode = $self->json->decode(decode_base64($args->{q}));
The base64 encoded sData coming from the browser has a space in it. Running the version of elsa.js before this fix has a plus sign instead.
I was able to solve my problem by adding "$args->{q} =~ s/ /+/g;" near the top of subroutine get_log_info:
sub get_log_info {
    my ($self, $args, $cb) = @_;
    my $user = $args->{user};
    $args->{q} =~ s/ /+/g; ### <----- NEW LINE OF CODE
    my $decode;
    eval {
        $decode = $self->json->decode(decode_base64($args->{q}));
    };
I created a pull request, but I'm not sure if it's the best solution, or place for the solution.
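The failure described in this report can be reproduced in isolation. This is an added example, not code from the issue or from ELSA; the payload and query string are constructed, and it assumes the space comes from form-urlencoded decoding of an unescaped '+'.

```javascript
// Constructed sample payload (not from ELSA). The '~' falls on a 6-bit group
// that base64 encodes as '+', which is the character that gets lost in transit.
const payload = JSON.stringify({ msg: "~/logs" });
const b64 = Buffer.from(payload, "utf8").toString("base64");

// What a form-urlencoded parser hands the server for parameter q.
// Per the urlencoded rules, a literal '+' in the wire value means a space.
function received(queryString) {
  return new URLSearchParams(queryString).get("q");
}

// Server-side decode. Like Perl's decode_base64, Buffer.from skips characters
// outside the base64 alphabet instead of failing, so the remaining characters
// shift and the damage only surfaces later, in the JSON parser.
function decodeArg(q) {
  return JSON.parse(Buffer.from(q, "base64").toString("utf8"));
}

function tryDecode(q) {
  try {
    return { ok: true, value: decodeArg(q) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// 1. Value concatenated into the request unescaped: '+' arrives as ' '.
const broken = received("q=" + b64);

// 2. Server-side repair from the issue: turn spaces back into '+'.
const repaired = broken.replace(/ /g, "+");

// 3. Client-side alternative: percent-encode so '+' travels as %2B.
const escaped = received("q=" + encodeURIComponent(b64));

console.log("sent     :", b64);
console.log("broken   :", JSON.stringify(broken), tryDecode(broken));
console.log("repaired :", JSON.stringify(repaired), tryDecode(repaired));
console.log("escaped  :", JSON.stringify(escaped), tryDecode(escaped));
```

The server-side substitution is lossless only because a space is never a valid base64 character. Percent-encoding the value on the client, or using the URL-safe base64 alphabet, avoids rewriting input on the server at all.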