Re: [Dev] Fwd: Security questions are encoded

2017-02-28 Thread Manuranga Perera
1) Please don't put inline JS in HTML, this is an old practice, people don't do this anymore [1]. In fact, in my opinion, we should block that using Content-Security-Policy
2) If you want to send information from backend-JS to frontend-JS please use sendToClient feature of UUF [1]

Re: [Dev] Fwd: Security questions are encoded

2017-02-27 Thread Denuwanthi De Silva
Issue is created in [1]
[1] https://github.com/wso2/carbon-uuf/issues/193
Thanks
On Tue, Feb 28, 2017 at 11:53 AM, Nuwandi Wickramasinghe wrote:
> Does this encoding work properly when sent in javascript attributes as well? I recently noticed that following type of calls

Re: [Dev] Fwd: Security questions are encoded

2017-02-27 Thread Nuwandi Wickramasinghe
Does this encoding work properly when sent in javascript attributes as well? I recently noticed that following type of calls do not work as expected if the value *question* contains a single quote.
On Tue, Jan 31, 2017 at 11:04 PM, Manuranga Perera wrote:
> UUF automatically

Re: [Dev] Fwd: Security questions are encoded

2017-01-31 Thread Manuranga Perera
On Tue, Jan 31, 2017 at 5:34 PM, Manuranga Perera wrote:
> UUF automatically escaping sensitive characters [1]. Please don't use 'encoding' for 'escaping'.
>
> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/

Re: [Dev] Fwd: Security questions are encoded

2017-01-31 Thread Manuranga Perera
UUF automatically escaping sensitive characters [1]. Please don't use 'encoding' for 'escaping'.
[1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
On Tue, Jan 31, 2017 at

Re: [Dev] Fwd: Security questions are encoded

2017-01-31 Thread Jayanga Kaushalya
Hi Manuranga,
This is not because of a security reason. The security question set id may contain HTML special characters. So the set id is sent to the UI after encoding to Base64.
Thanks!
*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. |

[Dev] Fwd: Security questions are encoded

2017-01-31 Thread Manuranga Perera
-- Forwarded message --
From: Manuranga Perera
Date: Tue, Jan 31, 2017 at 5:11 PM
Subject: Security questions are encoded
To: Johann Nallathamby, Jayanga Kaushalya <jayan...@wso2.com>, Isura Karunaratne
Security questions are