Reviewed:  https://reviews.mahara.org/533
Committed: http://gitorious.org/mahara/mahara/commit/1eb96a3dcc997260f5d5bbf1157101f82f65ff75
Submitter: Francois Marier ([email protected])
Branch:    master

commit 1eb96a3dcc997260f5d5bbf1157101f82f65ff75
Author: Richard Mansfield <[email protected]>
Date:   Fri Jul 29 11:10:36 2011 +1200

    Json-encode strings included in viewacl javascript (bug #817342)
    
    Adds a new dwoo function to json-encode strings for inclusion in
    template javascript, and uses the function in the viewacl template.
    
    Change-Id: Ie632061fe94a2adc2943a3d830695a44650847af
    Signed-off-by: Richard Mansfield <[email protected]>

-- 
You received this bug notification because you are a member of Mahara
Core, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/817342

Title:
  Unencoded strings included in viewacl javascript

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.3 series:
  Fix Committed
Status in Mahara 1.4 series:
  Fix Committed

Bug description:
  The viewacl template has javascript which includes strings directly
  from the language pack in single quotes instead of json encoded.
  Strings containing single quotes will result in syntax errors and will
  stop the js from executing.

  I'll mark this as "security" till I've had a chance to discuss it with
  the others, but it's only exploitable by language pack maintainers, so
  it's probably better as public.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/817342/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help   : https://help.launchpad.net/ListHelp

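
The failure described in the bug report, as an added example (not Mahara's code or the committed patch): it stands in for the template by building the JavaScript statement with single quotes and with JSON encoding, then parsing each result. The function names and the sample language strings are constructed for illustration.

```javascript
// Added illustration; renderQuoted, renderJson, evaluate and compare are
// hypothetical names, and the language strings below are constructed samples.

// Pre-fix pattern: the string is pasted between single quotes as-is.
function renderQuoted(name, str) {
  return "var " + name + " = '" + str + "';";
}

// Post-fix pattern: the string is emitted as a JSON literal. Escaping "<" as
// \u003c additionally keeps the literal from containing "</script>" when the
// statement sits in an inline script element.
function renderJson(name, str) {
  return "var " + name + " = " + JSON.stringify(str).replace(/</g, "\\u003c") + ";";
}

// Parse the generated statement and return the value the browser would see,
// or the error name if parsing fails and the script would stop executing.
function evaluate(statement, name) {
  try {
    return { ok: true, value: new Function(statement + " return " + name + ";")() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

const samples = {
  plain: "Access date",
  apostrophe: "Date d'accès",      // single quote ends the literal early
  backslash: "Path C:\\temp",      // "\t" is silently read as a tab
  newline: "Line one\nLine two",   // raw newline leaves the literal unterminated
  angle: "Size < 10",
};

// For each sample, report whether each rendering parses AND round-trips.
function compare() {
  const rows = {};
  for (const [key, text] of Object.entries(samples)) {
    const quoted = evaluate(renderQuoted("s", text), "s");
    const json = evaluate(renderJson("s", text), "s");
    rows[key] = {
      quotedOk: quoted.ok && quoted.value === text,
      jsonOk: json.ok && json.value === text,
    };
  }
  return rows;
}

console.log(compare());
```

The backslash sample parses without error in the quoted form but yields a different string, so a check that only looks for syntax errors misses it.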