** Changed in: mahara/1.3
Status: Confirmed => Fix Committed
** Changed in: mahara/1.4
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Mahara
Core, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/817342
Title:
Unencoded strings included in viewacl javascript
Status in Mahara ePortfolio:
Confirmed
Status in Mahara 1.3 series:
Fix Committed
Status in Mahara 1.4 series:
Fix Committed
Bug description:
The viewacl template has javascript which includes strings directly
from the language pack in single quotes instead of json encoded.
Strings containing single quotes will result in syntax errors and will
stop the js from executing.
I'll mark this as "security" till I've had a chance to discuss it with
the others, but it's only exploitable by language pack maintainers, so
it's probably better as public.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/817342/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
