You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@wookie.apache.org by "Scott Wilson (JIRA)" <ji...@apache.org> on 2009/12/04 11:24:20 UTC

[jira] Work logged: (WOOKIE-64) Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes inline scripts

     [ https://issues.apache.org/jira/browse/WOOKIE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#action_10955 ]

Scott Wilson logged work on WOOKIE-64:
--------------------------------------

                Author: Scott Wilson
            Created on: 04/Dec/09 10:22 AM
            Start Date: 04/Dec/09 10:21 AM
    Worklog Time Spent: 1h 
      Work Description: I've committed a partial fix using CDATA sections; there are still some errors when using inline styles as - contrary to the documentation for HTMLCleaner - these don't seem to be similarly protected by the same measure.

Issue Time Tracking
-------------------

            Time Spent: 3h  (was: 2h)
    Remaining Estimate: 0h  (was: 1h)

> Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes inline scripts
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: WOOKIE-64
>                 URL: https://issues.apache.org/jira/browse/WOOKIE-64
>             Project: Wookie
>          Issue Type: Bug
>          Components: Server
>            Reporter: Scott Wilson
>            Priority: Blocker
>             Fix For: 0.8.1
>
>   Original Estimate: 2h
>          Time Spent: 3h
>  Remaining Estimate: 0h
>
> When a widget package is uploaded into Wookie, the start file is injected with Wookie javascripts using HTMLCleaner.
> However, where a widget start file already includes inline JavaScript, the output is entity encoded; e.g.:
> 			if( window.widget.preferences["test1"]  == "pass1" &&
> Becomes:
> 			if( window.widget.preferences[&quot;test1&quot;]  == "pass1" &amp;&amp;
> This breaks a lot of scripts.
> To test, use any of the test widgets at: http://dev.w3.org/2006/waf/widgets-api/test-suite/
> This is probably best tackled in conjunction with WOOKIE-42

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.