1) Please don't put inline JS in HTML, this is an old practice, people
don't do this anymore [1]. In fact, in my opinion, we should block that
using Content-Security-Policy
2) If you want to send information form backbend-JS to frountend-JS please
use sendToClient feature of UUF
[1]
Issue is created in [1]
[1]https://github.com/wso2/carbon-uuf/issues/193
Thanks
On Tue, Feb 28, 2017 at 11:53 AM, Nuwandi Wickramasinghe
wrote:
> Does this encoding work properly when sent in javascript attributes as
> well? I recently noticed that following type of calls
Does this encoding work properly when sent in javascript attributes as
well? I recently noticed that following type of calls do not work as
expected if the value *question *contains a single quote.
On Tue, Jan 31, 2017 at 11:04 PM, Manuranga Perera wrote:
> UUF automatically
On Tue, Jan 31, 2017 at 5:34 PM, Manuranga Perera wrote:
> UUF automatically escaping sensitive characters [1]. Please don't use
> 'encoding' for 'escaping'.
>
> [1] https://github.com/jknack/handlebars.java/blob/
> 1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/
>
UUF automatically escaping sensitive characters [1]. Please don't use
'encoding' for 'escaping'.
[1]
https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
On Tue, Jan 31, 2017 at
Hi Manuranga,
This is not because of a security reason. The security question set id may
contains html special characters. So the set id is sent to the UI after
encoding to Base64.
Thanks!
*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160 <+94%2077%20786%200160>
WSO2 Inc. |
-- Forwarded message --
From: Manuranga Perera
Date: Tue, Jan 31, 2017 at 5:11 PM
Subject: Security questions are encoded
To: Johann Nallathamby , Jayanga Kaushalya <
jayan...@wso2.com>, Isura Karunaratne
Security questions are