Jacques Le Roux created OFBIZ-12356:
---------------------------------------
Summary: Try to reduce "Incomplete string escaping or encoding
branch" issues reported by CodeQL
Key: OFBIZ-12356
URL: https://issues.apache.org/jira/browse/OFBIZ-12356
Project: OFBiz
Issue Type: Improvement
Components: themes
Affects Versions: Trunk
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
At
https://github.com/apache/ofbiz-framework/security/code-scanning?query=is%3AIncomplete+string+escaping+or+encoding+branch%3Atrunk+severity%3Ahigh
GH CodeQL reports 556 "Incomplete string escaping or encoding branch" issues
(there are 588 issues in all).
Most of them are in jQuery-UI but not only:
{quote}
Incomplete string escaping or encoding
(Library)
themes/common-theme/webapp/common/js/jquery/ui/jquery-ui-1.12.1.js:17591
{quote}
Some are reported inside jQuery itself:
{quote}
Incomplete string escaping or encoding
themes/common-theme/webapp/common/js/jquery/plugins/jsTree/jquery.jstree.js:2961
{quote}
So this is only an attempt to clarify among the 23 pages(!) reported by upgrading
jQuery-UI to 1.13.0.
While working on this I crossed an issue related to element.form() that is now
[element._form() in jQuery-UI
1.13.0|https://jqueryui.com/changelog/1.13.0/#ui-core]. I think it appears only
in OfbizUtil.js because it's loaded after jQuery-UI.
I also tried to load jQuery-UI with npmInstall but unfortunately
https://jqueryui.com/upgrade-guide/1.12/#official-package-on-npm (ie
jquery-ui.js & jquery-ui-min.js)