Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML Reporter: Fix an unescaped details.source. #1341

Merged
merged 1 commit into from
Dec 21, 2018
Merged

HTML Reporter: Fix an unescaped details.source. #1341

merged 1 commit into from
Dec 21, 2018

Conversation

shlomif
Copy link
Contributor

@shlomif shlomif commented Dec 20, 2018

Fix an unescaped details.source in innerHTML.

It became apparent when using .xhtml (application/xml+xhtml) but may
have other XSS issues (see
https://en.wikipedia.org/wiki/Cross-site_scripting ) in plain HTML.

The new test gets stuck before the production code fix and completes
successfully and promptly after applying it.

@shlomif
HTML Reporter: Fix an unescaped details.source.
d57f61d 
Fix an unescaped details.source  in innerHTML.

It became apparent when using .xhtml (application/xml+xhtml) but may
have other XSS issues (see
https://en.wikipedia.org/wiki/Cross-site_scripting ) in plain HTML.

The new test gets stuck before the production code fix and completes
successfully and promptly after applying it.
platinumazure
platinumazure approved these changes Dec 20, 2018
View reviewed changes
Copy link
Contributor

@platinumazure platinumazure left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for contributing!

I'd like another set of eyes on this before merging.

@platinumazure
Copy link
Contributor

@Krinkle @trentmwillis Are the test failures related to the changes in this PR? At a quick glance, I'm not sure they are, but maybe I'm missing something.

@Krinkle
Copy link
Member

Krinkle commented Dec 20, 2018

They're unrelated, and have been fixed since the PR started. I'll close and re-open this PR so that GitHub creates a new merge commit and let Travis test that.

@Krinkle Krinkle closed this Dec 20, 2018
@Krinkle Krinkle reopened this Dec 20, 2018
@Krinkle
Copy link
Member

Krinkle commented Dec 20, 2018

My bad. The fix for that failure is still pending at #1339. I'll get that sorted now.

@trentmwillis
Copy link
Member

Merged #1339, restarting Travis...

trentmwillis
trentmwillis approved these changes Dec 21, 2018
View reviewed changes
Copy link
Member

@trentmwillis trentmwillis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@trentmwillis trentmwillis merged commit b54e732 into qunitjs:master Dec 21, 2018
@shlomif
Copy link
Contributor Author

shlomif commented Dec 21, 2018 via email

shlomif added a commit to shlomif/fc-solve that referenced this pull request Dec 21, 2018
@shlomif
use qunit git master with the bug fix.
a4f2a0e 
See qunitjs/qunit#1341 . The xhtml was invalid.
@Krinkle Krinkle added Component: HTML Reporter Type: Bug Something isn't working right. labels Jan 3, 2019
@Krinkle Krinkle added this to the 2.9 milestone Jan 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trentmwillis trentmwillis trentmwillis approved these changes

@platinumazure platinumazure platinumazure approved these changes

Assignees
No one assigned
Labels
Component: HTML Reporter Type: Bug Something isn't working right.
Milestone
2.9
Development

Successfully merging this pull request may close these issues.
4 participants
@shlomif @platinumazure @Krinkle @trentmwillis