You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2023/04/20 14:29:00 UTC
[jira] [Commented] (SLING-11833) The double quotes in the page js are escaped and cannot run js
[ https://issues.apache.org/jira/browse/SLING-11833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17714619#comment-17714619 ]
Dan Klco commented on SLING-11833:
----------------------------------
Looks like this was introduced with https://issues.apache.org/jira/browse/SLING-10050
The problem is that the new HTML5 serializer always escapes character sets instead of having the context of being in a script tag and therefore writing the characters without escaping.
> The double quotes in the page js are escaped and cannot run js
> --------------------------------------------------------------
>
> Key: SLING-11833
> URL: https://issues.apache.org/jira/browse/SLING-11833
> Project: Sling
> Issue Type: Bug
> Components: App CMS
> Affects Versions: Rewriter 1.3.0, App CMS 1.1.2
> Reporter: James Raynor
> Assignee: Dan Klco
> Priority: Major
> Attachments: 2023-04-19--09-56-41.png
>
>
> Edit the content on page:
> [http://localhost:8080/bin/browser.html/apps/reference/components/pages/base/base.jsp]
> then test it on page:
> [http://localhost:8080/content/apache/sling-apache-org/index.html]
> The test results are shown in the picture.
> Double quotes within the page are escaped, but in previous versions (e.g. 0.16.2) it was ok and there was no such problem.
> __________________________________________________________________________________________________________________________________
> 2023-04-20 update:
> "&&", "<", ">" also doesn't work anymore, e.g:
> if (result.data != null && result.data != '' && result.exist == 'true')
> if (result.data != null & amp;& amp; result.data != '' & amp;& amp; result.exist == 'true')
--
This message was sent by Atlassian Jira
(v8.20.10#820010)