[#9524] - Highlight behavior hardening
- Fixed in Code Base
- 22 Mar 2016
- Medium
- Build: staging
- # 9524
- Diff
- jeffchannell:master
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Pending JTracker/HumanTestResults Human Test Results: 1 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Pull Request for JSST report sent 5 Feb 2016.
Summary of Changes
- Added
JFilterOutput::stringJSSafe - Modified
JHtmlBehavior::highlighterto useJFilterOutput::stringJSSafe
Testing Instructions
Test URL: index.php?option=com_finder&highlight=WyJcXCIsIl0pO2FsZXJ0KDEpO1wvXC9cXCJd
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Labels |
Added:
?
|
||
Fixes the issue in the report. Just need to deal with the PHPCS issues when merging.
@joomla/security please review.
I have tested this item 
successfully on 90cabc1
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9524.
wilsonge
- | Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-03-22 22:53:42 |
| Closed_By | ⇒ | wilsonge |
| Milestone |
Added: |
||
Good improvement, but a question about performance and output size: Do we need to hex-escape every character one by one, including all alphanumericals ? Can't we use a php function that js-escapes the whole string at once instead of handling it character by character ?
Possible functions for strings would include json_encode() and removing the first and last character with a substr() around it ?
@mbabker ...