
jeffchannell
22 Mar 2016

Pull Request for JSST report sent 5 Feb 2016.

Summary of Changes

  • Added JFilterOutput::stringJSSafe
  • Modified JHtmlBehavior::highlighter to use JFilterOutput::stringJSSafe

Testing Instructions

Test URL: index.php?option=com_finder&highlight=WyJcXCIsIl0pO2FsZXJ0KDEpO1wvXC9cXCJd

jeffchannell - open - 22 Mar 2016
jeffchannell - change - 22 Mar 2016
Status: New → Pending
joomla-cms-bot - change - 22 Mar 2016
Labels Added: ?
jeffchannell - comment - 22 Mar 2016

@mbabker ...

mbabker - comment - 22 Mar 2016

Fixes the issue in the report. Just need to deal with the PHPCS issues when merging.

@joomla/security please review.

jeffchannell - comment - 22 Mar 2016

@mbabker checks all passed

andrepereiradasilva - test_item - 22 Mar 2016 - Tested successfully
andrepereiradasilva - comment - 22 Mar 2016

I have tested this item :white_check_mark: successfully on 90cabc1


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9524.

wilsonge - change - 22 Mar 2016
Status: Pending → Fixed in Code Base
Closed_Date: 0000-00-00 00:00:00 → 2016-03-22 22:53:42
Closed_By: wilsonge
wilsonge - close - 22 Mar 2016
wilsonge - merge - 22 Mar 2016
wilsonge - reference | abedb03 - 22 Mar 16
wilsonge - merge - 22 Mar 2016
wilsonge - close - 22 Mar 2016
wilsonge - change - 22 Mar 2016
Milestone Added:
beat - comment - 22 Mar 2016

Good improvement, but a question about performance and output size: Do we need to hex-escape every character one by one, including all alphanumericals? Can't we use a PHP function that js-escapes the whole string at once instead of handling it character by character?

Possible functions for strings would include json_encode() and removing the first and last character with a substr() around it?
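
The trade-off raised in the comment above, as an added example that is not part of the thread or of Joomla's code: per-byte hex escaping next to json_encode() with its outer quotes removed, both run on the highlight value from the test URL. The function names and the third term are constructed for illustration.

```php
<?php
// Added example, not Joomla code. Function names are hypothetical.

// Per-byte hex escaping: every byte becomes \xNN, so no input byte can close
// the JS string literal or the surrounding <script> element.
// Caveat: JS reads \xNN as code point U+00NN, so multi-byte UTF-8 text is altered.
function hexEscapeForJs(string $s): string
{
    $out = '';
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $out .= sprintf('\\x%02x', ord($s[$i]));
    }
    return $out;
}

// json_encode() with the outer quotes removed, as suggested in the comment.
// The default flags leave ' < > & untouched, so the JSON_HEX_* flags are added
// to cover single-quoted literals and a "</script>" inside the value.
function jsonEscapeForJs(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $json  = json_encode($s, $flags);
    if ($json === false) {
        throw new InvalidArgumentException('not valid UTF-8: ' . json_last_error_msg());
    }
    return (string) substr($json, 1, -1);
}

// The highlight value from the test URL: base64 of a JSON array of terms.
$param   = 'WyJcXCIsIl0pO2FsZXJ0KDEpO1wvXC9cXCJd';
$terms   = json_decode(base64_decode($param, true), true);
$terms[] = "it's </script>"; // constructed extra term for the JSON_HEX_* cases

foreach ($terms as $term) {
    $hex  = hexEscapeForJs($term);
    $json = jsonEscapeForJs($term);
    // The hex form must consist only of \xNN groups; the JSON form must not
    // contain a raw quote, angle bracket or ampersand.
    if (!preg_match('/^(?:\\\\x[0-9a-f]{2})*$/', $hex) || preg_match('/["\'<>&]/', $json)) {
        throw new RuntimeException('unescaped character in output');
    }
    // Print both forms with their lengths to compare output size.
    printf("%3d bytes hex  %s\n%3d bytes json %s\n", strlen($hex), $hex, strlen($json), $json);
}
```

The printed lengths show the size difference the comment asks about: the hex form is always four times the input length, while the JSON form grows only where a character needs escaping.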

beat - comment - 22 Mar 2016

@wilsonge @mbabker Please check my feedback that I was writing while you were already merging
