Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PhantomJSEnv does not properly escape JS code in webpage #2376

Closed
gzm0 opened this issue May 1, 2016 · 2 comments
Closed

PhantomJSEnv does not properly escape JS code in webpage #2376

gzm0 opened this issue May 1, 2016 · 2 comments
Assignees
@gzm0
Labels
bug Confirmed bug. Needs to be fixed.
Milestone
v0.6.10

Comments

@gzm0
Copy link
Contributor

gzm0 commented May 1, 2016

The following code will fail:

console.log("<script></script>");
@gzm0 gzm0 self-assigned this May 1, 2016
@gzm0 gzm0 added the bug Confirmed bug. Needs to be fixed. label May 1, 2016
@gzm0 gzm0 added this to the v0.6.10 milestone May 1, 2016
@gzm0
Copy link
Contributor Author

gzm0 commented May 1, 2016

Discovered while debugging #2322.

@gzm0 gzm0 mentioned this issue May 1, 2016
Closed
@gzm0
Copy link
Contributor Author

gzm0 commented May 1, 2016

This is a hard problem:

PhantomJS seems to correctly interpret everything between <script> tags as CDATA, so simply escaping the tag doesn't work. Of course a closing </script> tag can only appear in a literal string, so usually the solution is to do:

console.log("<script></sc" + "ript>");

However, this is hard to back-fit on code (without parsing it) because JS has two types of quotes.

An easy fix would be to just write stuff to temp files and include it, completely mitigating the escaping issue. However, this wont work trivially for runner code, since we need to wrap it in an onload handler (see writeCodeLauncher).

An option would be to wrap it in a magic function, write it to a file, include the file via script tag and register the onload handler on the magic function. But that seems very ugly.

gzm0 added a commit to gzm0/scala-js that referenced this issue May 1, 2016
@gzm0
Fix scala-js#2376: PhantomJSEnv does not escape JS code
f883633
@gzm0 gzm0 added the has-pr label May 1, 2016
gzm0 added a commit to gzm0/scala-js that referenced this issue May 2, 2016
@gzm0
Fix scala-js#2376: PhantomJSEnv does not escape JS code
99cce72
gzm0 added a commit to gzm0/scala-js that referenced this issue May 2, 2016
@gzm0
Fix scala-js#2376: PhantomJSEnv does not escape JS code
3e0d900
gzm0 added a commit to gzm0/scala-js that referenced this issue May 4, 2016
@gzm0
Fix scala-js#2376: PhantomJSEnv does not escape JS code
d3f6847
@sjrd sjrd closed this as completed in f552597 May 11, 2016
sjrd added a commit that referenced this issue May 11, 2016
@sjrd
Merge pull request #2377 from gzm0/phantom-script-tag
dc05a38 
Fix #2376: PhantomJSEnv does not escape JS code
@sjrd sjrd mentioned this issue Jun 4, 2016
Closed
@sjrd sjrd removed the has-pr label Jun 13, 2016
sjrd pushed a commit to sjrd/scala-js-env-phantomjs that referenced this issue May 20, 2017
@gzm0
Fix scala-js/scala-js#2376: PhantomJSEnv does not escape JS code
9110106
sjrd pushed a commit to sjrd/scala-js-js-envs that referenced this issue Jun 15, 2020
@gzm0
Fix scala-js/scala-js#2376: PhantomJSEnv does not escape JS code
ac662e6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gzm0 gzm0

Labels
bug Confirmed bug. Needs to be fixed.
Projects
None yet
Milestone
v0.6.10
Development

No branches or pull requests
2 participants
@sjrd @gzm0