William Grant has proposed merging lp:~wgrant/launchpad/bug-739915 into 
lp:launchpad.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/bug-739915/+merge/54296

LP.cache entries need to be escaped, or HTML in strings will be parsed by the 
browser. That's not optimal.

If IE did not exist then we could use XHTML, where <script> is PCDATA and the 
escaped JS would have entities expanded. But HTML's <script> is CDATA, so we 
have to live with some over-escaped values in the cache. Despite how bad this 
sounds, it won't affect URLs, and it worked fine until this vulnerability was 
introduced a month ago.
-- 
https://code.launchpad.net/~wgrant/launchpad/bug-739915/+merge/54296
Your team Launchpad code reviewers is requested to review the proposed merge of 
lp:~wgrant/launchpad/bug-739915 into lp:launchpad.
=== modified file 'lib/lp/app/templates/base-layout-macros.pt'
--- lib/lp/app/templates/base-layout-macros.pt	2011-02-28 01:09:21 +0000
+++ lib/lp/app/templates/base-layout-macros.pt	2011-03-22 05:39:31 +0000
@@ -170,13 +170,13 @@
                    '${links/?key/fmt:api_url}';">
     </script>
     <script tal:repeat="key objects"
-      tal:content="structure string:LP.cache['${key}'] =
+      tal:content="string:LP.cache['${key}'] =
                    ${objects/?key/webservice:json};">
     </script>
   </tal:cache>
 
   <script tal:condition="context/webservice:is_entry"
-    tal:content="structure string:LP.cache['context'] =
+    tal:content="string:LP.cache['context'] =
                  ${context/webservice:json};">
   </script>
 </metal:lp-client-cache>

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-reviewers
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-reviewers
More help   : https://help.launchpad.net/ListHelp

Reply via email to