-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PhantomJSEnv does not properly escape JS code in webpage #2376
Comments
Discovered while debugging #2322. |
This is a hard problem: PhantomJS seems to correctly interpret everything between console.log("<script></sc" + "ript>"); However, this is hard to back-fit on code (without parsing it) because JS has two types of quotes. An easy fix would be to just write stuff to temp files and include it, completely mitigating the escaping issue. However, this wont work trivially for runner code, since we need to wrap it in an onload handler (see An option would be to wrap it in a magic function, write it to a file, include the file via script tag and register the onload handler on the magic function. But that seems very ugly. |
Fix #2376: PhantomJSEnv does not escape JS code
The following code will fail:
The text was updated successfully, but these errors were encountered: