Return-Path: Delivered-To: apmail-incubator-wookie-dev-archive@minotaur.apache.org Received: (qmail 51932 invoked from network); 21 Nov 2009 22:53:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 21 Nov 2009 22:53:03 -0000 Received: (qmail 2825 invoked by uid 500); 21 Nov 2009 22:53:03 -0000 Delivered-To: apmail-incubator-wookie-dev-archive@incubator.apache.org Received: (qmail 2777 invoked by uid 500); 21 Nov 2009 22:53:03 -0000 Mailing-List: contact wookie-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: wookie-dev@incubator.apache.org Delivered-To: mailing list wookie-dev@incubator.apache.org Received: (qmail 2767 invoked by uid 99); 21 Nov 2009 22:53:03 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Nov 2009 22:53:03 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Nov 2009 22:53:01 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id B6D70234C04C for ; Sat, 21 Nov 2009 14:52:39 -0800 (PST) Message-ID: <481329655.1258843959733.JavaMail.jira@brutus> Date: Sat, 21 Nov 2009 22:52:39 +0000 (UTC) From: "Scott Wilson (JIRA)" To: wookie-dev@incubator.apache.org Subject: [jira] Commented: (WOOKIE-64) Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes inline scripts In-Reply-To: <1696396823.1258500759575.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/WOOKIE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781064#action_12781064 ] Scott Wilson commented on WOOKIE-64: ------------------------------------ This is a tricky one to address. One workaround is to wrap scripts in CDATA sections using: fProps.setUseCdataForScriptAndStyle(true); And then later on reading back the file and stripping them out again (as they cause browser HTML parsing to fail): // go back and strip out the CDATA sections we wrapped our scripts in File file = new File(fStartPage.getAbsolutePath()); String result = FileUtils.readFileToString(file); String contentResult = result.toString().replaceAll("", ""); FileUtils.writeStringToFile(file, contentResult); I'm reluctant to commit this as a fix to the issue yet as I'm not sure it won't just create another problem down the line. > Wookie rewrites HTML start file incorrectly when injecting JavaScript: incorrectly encodes inline scripts > --------------------------------------------------------------------------------------------------------- > > Key: WOOKIE-64 > URL: https://issues.apache.org/jira/browse/WOOKIE-64 > Project: Wookie > Issue Type: Bug > Components: Server > Reporter: Scott Wilson > Priority: Blocker > Fix For: 0.8.1 > > Original Estimate: 2h > Remaining Estimate: 2h > > When a widget package is uploaded into Wookie, the start file is injected with Wookie javascripts using HTMLCleaner. > However, where a widget start file already includes inline JavaScript, the output is entity encoded; e.g.: > if( window.widget.preferences["test1"] == "pass1" && > Becomes: > if( window.widget.preferences["test1"] == "pass1" && > This breaks a lot of scripts. > To test, use any of the test widgets at: http://dev.w3.org/2006/waf/widgets-api/test-suite/ > This is probably best tackled in conjunction with WOOKIE-42 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.