Pull Request for JSST report sent 5 Feb 2016.
JFilterOutput::stringJSSafe
JHtmlBehavior::highlighter to use JFilterOutput::stringJSSafe
Test URL: index.php?option=com_finder&highlight=WyJcXCIsIl0pO2FsZXJ0KDEpO1wvXC9cXCJd
Status | New | ⇒ | Pending |
Fixes the issue in the report. Just need to deal with the PHPCS issues when merging.
@joomla/security please review.
I have tested this item successfully on 90cabc1
Status | Pending | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-03-22 22:53:42 |
Closed_By | ⇒ | wilsonge |
Good improvement, but a question about performance and output size: Do we need to hex-escape every character one by one, including all alphanumerics? Can't we use a PHP function that JS-escapes the whole string at once instead of handling it character by character?
Possible functions for strings would include json_encode() and removing the first and last character with a substr() around it?
@mbabker ...
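
The trade-off raised in the comment above, as an added example that is not part of the thread or of Joomla's code: a per-character hex escaper next to the json_encode()-plus-substr() alternative, run over constructed sample terms. The function names hexEscapeJs and jsonEscapeJs are hypothetical, and the hex escaper is a sketch of the approach, not the body of JFilterOutput::stringJSSafe.

```php
<?php
// Added illustration; hypothetical helpers, not Joomla's implementation.

// Per-character approach: every code point becomes \xNN or \uNNNN.
function hexEscapeJs(string $s): string
{
    $out = '';
    foreach (mb_str_split($s, 1, 'UTF-8') as $ch) {
        $cp = mb_ord($ch, 'UTF-8');
        if ($cp < 0x100) {
            $out .= sprintf('\\x%02X', $cp);
        } elseif ($cp < 0x10000) {
            $out .= sprintf('\\u%04X', $cp);
        } else {
            $cp -= 0x10000; // astral code points need a UTF-16 surrogate pair
            $out .= sprintf('\\u%04X\\u%04X', 0xD800 | ($cp >> 10), 0xDC00 | ($cp & 0x3FF));
        }
    }
    return $out;
}

// Whole-string approach: json_encode(), then strip the surrounding quotes.
function jsonEscapeJs(string $s): string
{
    // JSON_HEX_* turn < > & ' " into \u00XX so the result is also safe inside
    // an inline <script> block and inside a single-quoted JS literal.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    $json = json_encode($s, $flags);
    if ($json === false) {
        // Never pass false on to substr(): it would silently yield ''.
        throw new RuntimeException(json_last_error_msg());
    }
    return substr($json, 1, -1);
}

// Constructed sample search terms.
$terms = ['joomla', 'back\\slash"quote', "it's", '</script><b>', "caf\u{E9}"];

foreach ($terms as $t) {
    $hex   = hexEscapeJs($t);
    $plain = substr(json_encode($t), 1, -1); // json_encode() with no flags
    $safe  = jsonEscapeJs($t);
    printf("%s\n  hex   (%3d bytes): %s\n  plain (%3d bytes): %s\n  flags (%3d bytes): %s\n",
        $t, strlen($hex), $hex, strlen($plain), $plain, strlen($safe), $safe);
}
```

Without the JSON_HEX_* flags, json_encode() leaves `<`, `>`, `&` and `'` unescaped, so the flagged call is the one comparable to escaping every character.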