Reviewed:  https://reviews.mahara.org/575
Committed: http://gitorious.org/mahara/mahara/commit/b3506a4a7dc735f7fd4fa18c538921fce3ed43e1
Submitter: Richard Mansfield ([email protected])
Branch:    1.3_STABLE

commit b3506a4a7dc735f7fd4fa18c538921fce3ed43e1
Author: Richard Mansfield <[email protected]>
Date:   Wed Aug 10 10:35:52 2011 +1200

    Json-encode strings included in viewacl javascript (bug #817342)

    Adds a new dwoo function to json-encode strings for inclusion in
    template javascript, and uses the function in the viewacl template.

    Change-Id: I67af2dc10a975c0c71609106a0251e8ab8e8d7b6
    Signed-off-by: Richard Mansfield <[email protected]>

--
https://bugs.launchpad.net/bugs/817342

Title:
  Unencoded strings included in viewacl javascript

Status in Mahara ePortfolio:
  Confirmed
Status in Mahara 1.3 series:
  Confirmed
Status in Mahara 1.4 series:
  Confirmed

Bug description:
  The viewacl template has javascript which includes strings directly
  from the language pack in single quotes instead of json encoded.
  Strings containing single quotes will result in syntax errors and
  will stop the js from executing.

  I'll mark this as "security" till I've had a chance to discuss it
  with the others, but it's only exploitable by language pack
  maintainers, so it's probably better as public.
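
The failure mode in the bug description, as an added example that is not part of the original message or of Mahara's code: it renders constructed language strings into script source with bare single quotes and with JSON encoding, then parses each result. The names `renderNaive`, `renderEncoded`, `jsonForScript` and `check` are hypothetical, and the extra `<` escaping is an assumption about inline `<script>` use.

```javascript
// Added example: simulates a server-side template emitting inline script.
// All function names here are hypothetical, not Mahara or Dwoo APIs.

// Constructed language-pack strings (not taken from any real language pack).
const samples = [
  "Add access",            // plain text: both renderings work
  "Supprimer l'accès",     // apostrophe ends a single-quoted literal early
  "Line one\nLine two",    // raw newline is illegal inside a string literal
  "Close </script> tag",   // would end an inline <script> block early
];

// The pattern from the bug description: string placed between single quotes.
function renderNaive(s) {
  return "var label = '" + s + "'; return label;";
}

// JSON encoding yields a valid JS string literal. Escaping "<" as well keeps
// "</script>" out of the emitted source (PHP's json_encode escapes "/" by
// default, which has the same effect).
function jsonForScript(s) {
  return JSON.stringify(s).replace(/</g, "\\u003c");
}

function renderEncoded(s) {
  return "var label = " + jsonForScript(s) + "; return label;";
}

// Parse and run the emitted source, then report whether the string survived
// intact and whether the source is safe to place inside a <script> element.
function check(render, s) {
  const src = render(s);
  const inlineSafe = !/<\/script/i.test(src);
  try {
    const value = new Function(src)();
    return { ok: value === s, inlineSafe, error: null };
  } catch (e) {
    return { ok: false, inlineSafe, error: e.name };
  }
}

for (const s of samples) {
  console.log(JSON.stringify(s),
    "naive:", check(renderNaive, s), "encoded:", check(renderEncoded, s));
}
```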

