** Changed in: mahara/1.3
     Assignee: (unassigned) => Richard Mansfield (richard-mansfield)

** Changed in: mahara/1.4
     Assignee: (unassigned) => Richard Mansfield (richard-mansfield)

** Changed in: mahara/1.3
   Importance: Undecided => Low

** Changed in: mahara/1.3
   Importance: Low => Medium

** Changed in: mahara/1.4
   Importance: Undecided => Medium

** Changed in: mahara/1.3
       Status: New => Confirmed

** Changed in: mahara/1.4
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/817342

Title:
  Unencoded strings included in viewacl javascript

Status in Mahara ePortfolio:
  Confirmed
Status in Mahara 1.3 series:
  Confirmed
Status in Mahara 1.4 series:
  Confirmed

Bug description:
  The viewacl template has JavaScript which includes strings directly
  from the language pack in single quotes instead of JSON-encoded.
  Strings containing single quotes will result in syntax errors and will
  stop the JS from executing.

  I'll mark this as "security" till I've had a chance to discuss it with
  the others, but it's only exploitable by language pack maintainers, so
  it's probably better as public.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/817342/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp
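
Added example, not part of the bug report and not Mahara's code: a Node.js sketch of the pattern the description names (a language string pasted between single quotes in generated JavaScript) beside a JSON-encoded version. The function names, the variable name `label` and the sample strings are constructed for illustration.

```javascript
// Added example (not Mahara code). renderUnsafe mirrors the pattern the
// report describes; renderSafe JSON-encodes the string instead.
// The variable name `label` and all sample strings are constructed.

// Pattern from the report: language string pasted between single quotes.
function renderUnsafe(langString) {
  return "var label = '" + langString + "';";
}

// JSON encoding yields a valid JS string literal. Escaping "<" as well keeps
// a string containing "</script>" from ending an inline script block early.
function jsLiteral(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c');
}

function renderSafe(langString) {
  return 'var label = ' + jsLiteral(langString) + ';';
}

// Parse and run the generated script; report whether it parsed and the
// value the variable ended up with.
function evaluate(script) {
  try {
    const value = new Function(script + ' return label;')();
    return { ok: true, value };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed language-pack strings: one plain, one with an apostrophe
// (common in French), one containing a closing script tag.
const samples = ['Add access', "Autoriser l'accès", 'x</script>y'];

for (const s of samples) {
  const unsafe = evaluate(renderUnsafe(s));
  const safe = evaluate(renderSafe(s));
  console.log(
    JSON.stringify(s),
    '| quoted:', unsafe.ok ? 'parses' : unsafe.error,
    '| JSON-encoded:', safe.ok && safe.value === s ? 'round-trips' : 'FAILED'
  );
}
```

In a PHP template the corresponding call is json_encode(), which takes a JSON_HEX_TAG flag for the "<" escaping shown here.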
