Posted to commits@ofbiz.apache.org by mb...@apache.org on 2018/12/08 08:52:01 UTC

svn commit: r1848441 - /ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js

Author: mbrohl
Date: Sat Dec  8 08:52:01 2018
New Revision: 1848441

URL: http://svn.apache.org/viewvc?rev=1848441&view=rev
Log:
Fixed: UI bug in scrum component
(OFBIZ-10676)

When editing product backlog items, inserted javascript code was
executed on the client side. The confirmational blinking of the newly 
added or changed value was implemented using the .html(value) function 
of jQuery. This causes the html to be interpreted and the script to be
executed. But the data is stored, converting it into html, so not 
considered to be a vulnerability.
The fix changes the call to .text. This prevents the html from being
interpreted.

Modified:
    ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js

Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js?rev=1848441&r1=1848440&r2=1848441&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js (original)
+++ ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js Sat Dec  8 08:52:01 2018
@@ -868,7 +868,7 @@ function ajaxInPlaceEditDisplayField(ele
             data : settings.submitdata,
             success : function(data) {
                 // adding the new value to the field and make the modified field 'blink' a little bit to show the user that somethink have changed
-                jElement.html(value).fadeOut(500).fadeIn(500).fadeOut(500).fadeIn(500).css('background-color', 'transparent');
+                jElement.text(value).fadeOut(500).fadeIn(500).fadeOut(500).fadeIn(500).css('background-color', 'transparent');
             }
         });
     }, options);
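
Review bot: The success callback at line 868 still ignores its data argument and writes the locally typed value into the element, so the field shows what the user entered rather than what the server actually stored; if the server trims, encodes or rejects part of the input, the display will differ until the page is reloaded. Consider rendering the value from the response instead, still through .text(). The comment above the changed line should also say why .text() is used rather than .html() (the value is user-controlled and must not be parsed as markup), so a later cleanup does not revert it. Since .text() shows any markup in the value as literal characters, it is worth confirming that no caller of ajaxInPlaceEditDisplayField relies on formatted HTML appearing in the field.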