Closed Bug 1084015 Opened 10 years ago Closed 9 years ago

Add warnings for unsafe template escape sequences

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2015-02

People

(Reporter: kmag, Assigned: kmag)

References

Details

(Whiteboard: [ReviewTeam:P1])

We should warn on uses of non-HTML-escaping template escape sequences for common template libraries.

• `<%=` should warn that `<%-` should generally be used instead, and adequate escaping must be ensured otherwise.
• `{{{` should warn that `{{` should generally be used instead, and adequate escaping must be ensured otherwise.

These warnings should be emitted any time those strings appear in JavaScript strings or HTML files.

Additionally, the use of the `Handlebars.SafeString` method should cause some kind of warning about not using it with unsafe remote content to be emitted.
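One way a validator could implement the three checks described in this report, as an added example (my code, not amo-validator's): HTML files are scanned in full, JS files only inside string literals, and `Handlebars.SafeString` gets its own warning. The JS string-literal regex is a simplification that ignores comments and regex literals.

```python
import re
from typing import List, Tuple

# Unsafe (non-HTML-escaping) sequence -> the escaping form that should generally be used.
UNSAFE_SEQUENCES = {
    "<%=": "<%-",   # Underscore/EJS-style raw interpolation vs. HTML-escaped
    "{{{": "{{",    # Handlebars/Mustache triple-stash (raw) vs. escaped
}

# Simplified JS string-literal matcher (constructed for this example): single-,
# double- and backtick-quoted strings with backslash escapes. It does not
# understand comments or regex literals, which a real tokenizer would.
JS_STRING_RE = re.compile(
    r"""'(?:\\.|[^'\\\n])*'|"(?:\\.|[^"\\\n])*"|`(?:\\.|[^`\\])*`""", re.S)
SAFESTRING_RE = re.compile(r"\bHandlebars\.SafeString\b")


def _line_of(text: str, pos: int) -> int:
    return text.count("\n", 0, pos) + 1


def scan_template_escapes(text: str, filename: str) -> List[Tuple[int, str]]:
    """Return (line, message) warnings for unsafe template escape sequences."""
    warnings = []
    is_html = filename.lower().endswith((".html", ".htm", ".xhtml"))
    if is_html:
        regions = [(0, text)]
    else:
        # In JS only string literals can carry a template; `{{{` in code is just braces.
        regions = [(m.start(), m.group(0)) for m in JS_STRING_RE.finditer(text)]
    for offset, chunk in regions:
        for seq, safe in UNSAFE_SEQUENCES.items():
            for m in re.finditer(re.escape(seq), chunk):
                warnings.append((_line_of(text, offset + m.start()),
                                 f"Unsafe template escape sequence {seq!r}; use {safe!r} "
                                 f"unless adequate escaping is otherwise ensured."))
    if not is_html:
        for m in SAFESTRING_RE.finditer(text):
            warnings.append((_line_of(text, m.start()),
                             "Handlebars.SafeString bypasses HTML escaping; do not use it "
                             "with unsafe remote content."))
    return sorted(warnings)
```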
Whiteboard: [ReviewTeam] → [ReviewTeam:P1]
Assignee: nobody → kmaglione+bmo
Target Milestone: --- → 2015-02
Blocks: 1175332
PR 262 was merged in https://github.com/mozilla/amo-validator/commit/f2314d8aa0bde352308802439306f9c67a117da8, anything missing for this bug to be marked as fixed?
Flags: needinfo?(kmaglione+bmo)
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(kmaglione+bmo)
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard