incubator-wookie-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Wilson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (WOOKIE-64) Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes inline scripts
Date Sat, 21 Nov 2009 22:52:39 GMT

    [ https://issues.apache.org/jira/browse/WOOKIE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781064#action_12781064
] 

Scott Wilson commented on WOOKIE-64:
------------------------------------

This is a tricky one to address. One workaround is to wrap scripts in CDATA sections using:

		fProps.setUseCdataForScriptAndStyle(true);

And then later on reading back the file and stripping them out again (as they cause browser
HTML parsing to fail):

		// go back and strip out the CDATA sections we wrapped our scripts in
		File file = new File(fStartPage.getAbsolutePath());
		String result = FileUtils.readFileToString(file);
		 String contentResult = result.toString().replaceAll("<!\\[CDATA\\[", "");
		 contentResult = contentResult.toString().replaceAll("\\]\\]>", "");
	        FileUtils.writeStringToFile(file, contentResult);

I'm reluctant to commit this as a fix to the issue yet as I'm not sure it won't just create
another problem down the line. 

> Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes
inline scripts
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: WOOKIE-64
>                 URL: https://issues.apache.org/jira/browse/WOOKIE-64
>             Project: Wookie
>          Issue Type: Bug
>          Components: Server
>            Reporter: Scott Wilson
>            Priority: Blocker
>             Fix For: 0.8.1
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> When a widget package is uploaded into Wookie, the start file is injected with Wookie
javascripts using HTMLCleaner.
> However, where a widget start file already includes inline JavaScript, the output is
entity encoded; e.g.:
> 			if( window.widget.preferences["test1"]  == "pass1" &&
> Becomes:
> 			if( window.widget.preferences[&quot;test1&quot;]  == "pass1" &amp;&amp;
> This breaks a lot of scripts.
> To test, use any of the test widgets at: http://dev.w3.org/2006/waf/widgets-api/test-suite/
> This is probably best tackled in conjunction with WOOKIE-42

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message