https://bugzilla.wikimedia.org/show_bug.cgi?id=32147
--- Comment #3 from Brion Vibber <[email protected]> 2011-11-03 16:48:26 UTC ---
What the heck...

    if ( val === false ) {
        return false;
    } else if ( typeof val == 'string' ) {
        if ( !( eval( 'profile.version' + op + '"' + val + '"' ) ) ) {
            return false;
        }
    } else if ( typeof val == 'number' ) {
        if ( !( eval( 'profile.versionNumber' + op + val ) ) ) {
            return false;
        }
    }

in jquery.client's test() method, which is used to test the found data against whitelist/blacklist maps.

This just looks ALL KINDS of wrong.

First, eval() -- always bad.

Second, if doing greater-than/less-than comparisons with strings -- as with the '7.0.1' or '10.0.0' that you might get from Firefox -- that's gonna fail utterly.

Of course browser version sniffing is almost ALWAYS the wrong thing to do, so nothing *should* be doing these sorts of comparisons anyway...
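The two problems raised in the comment above, shown as an added example that is not part of the original comment and is not MediaWiki's jquery.client code: the operator is looked up in a fixed table instead of being passed to eval(), and dotted versions are compared numerically per component. The names compareVersions, OPS, versionMatches and demo, and the set of supported operators, are assumptions made for illustration.

```javascript
// Added example, not jquery.client code. All names here are hypothetical.

// Compare dotted version strings numerically, component by component.
// Returns -1, 0 or 1. Missing components count as 0, so '10' equals '10.0.0'.
function compareVersions(a, b) {
  const pa = String(a).split('.');
  const pb = String(b).split('.');
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    // parseInt keeps leading digits ('1b2' -> 1); non-numeric parts count as 0.
    const na = parseInt(pa[i], 10) || 0;
    const nb = parseInt(pb[i], 10) || 0;
    if (na !== nb) {
      return na < nb ? -1 : 1;
    }
  }
  return 0;
}

// Fixed operator table: the operator string only selects a function,
// it is never concatenated into source text and executed.
const OPS = {
  '<': (c) => c < 0,
  '<=': (c) => c <= 0,
  '>': (c) => c > 0,
  '>=': (c) => c >= 0,
  '==': (c) => c === 0,
  '!=': (c) => c !== 0
};

function versionMatches(version, op, val) {
  // Own-property check so names like 'constructor' are rejected too.
  if (!Object.prototype.hasOwnProperty.call(OPS, op)) {
    throw new RangeError('Unsupported operator: ' + op);
  }
  return OPS[op](compareVersions(version, val));
}

// Constructed sample input: the two version strings mentioned in the comment.
function demo() {
  return {
    asStrings: '10.0.0' > '7.0.1', // lexicographic: '1' sorts before '7'
    asVersions: versionMatches('10.0.0', '>', '7.0.1')
  };
}
```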
