Re: web frontend encodes JavaScript

To: debian-security-tracker@lists.debian.org
Subject: Re: web frontend encodes JavaScript
From: Nico Golde <nico@ngolde.de>
Date: Fri, 31 Aug 2007 13:54:18 +0200
Message-id: <[🔎] 20070831115418.GA7597@ngolde.de>
In-reply-to: <[🔎] 200708311324.45428.thijs@debian.org>
References: <[🔎] 200708311324.45428.thijs@debian.org>

Hi,
* Thijs Kinkhorst <thijs@debian.org> [2007-08-31 13:26]:
> The security tracker frontend encodes JavaScript, resulting in an invalid 
> if-construct like below (the &gt; in the third line):
> 
> function onSearch(query) {
>   if (old_query_value == "") {
>     if (query.length &gt; 5) {
> 
> I'm not really familiar with the web toolkit that it uses, so maybe someone 
> who is can take a look at this.

As far as I know web browser don't process the escapes found 
in embedded java script so changing > to &gt; should be 
enough. In the hope my commit does not break anything :)
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpk59pQAJCoH.pgp
Description: PGP signature

Reply to:

References:
- web frontend encodes JavaScript
  - From: Thijs Kinkhorst <thijs@debian.org>

Prev by Date: web frontend encodes JavaScript
Next by Date: Re: pre-commit hook to check syntax
Previous by thread: web frontend encodes JavaScript
Next by thread: Re: web frontend encodes JavaScript
Index(es):
- Date
- Thread