Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-4437

CLONE - Javascript string with </script> escape issue

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.5.3, 9.0.0
    • Fix Version/s: None
    • Component/s: ZK Loader
    • Labels:
      None

      Description

      Similar to ZK-1836 the error can be reproduced by adding a space after "script"

      <zk>
        If you can see the log with "&lt;/script >", the bug is fixed.
        <script>
          var s = "&lt;/script >";
          zk.log(s);
        </script>
      </zk>
      

      or

      <zk>
        If you can see the log with "&lt;/script >", the bug is fixed.
        <script><![CDATA[
          var s = "</script >";
          zk.log(s);    
        ]]></script>
      </zk>
      

      Assuming other breaking variants exist we should consider using a dedicated encoding/escaping library.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              cor3000 cor3000
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: