Closed Bug 1066858 Opened 11 years ago Closed 11 years ago

Unicode characters in product_name breaking logging (and all payments for non-ascii products)

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

Product:
Marketplace Graveyard
Component:
Payments/Refunds
Version:
Avenir
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME
Milestone:
2014-09-16

People

(Reporter: jlockhart, Assigned: kumar)

References

Details

(Whiteboard: [qa+])

Attachments

(1 file)

Screenshot.png
317.35 KB, image/png
Details
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2018' in position 14: ordinal not in range(128) Stacktrace (most recent call last): File "celery/task/trace.py", line 228, in trace_task R = retval = fun(*args, **kwargs) File "celery/task/trace.py", line 415, in __protected_call__ return self.run(*args, **kwargs) File "nuggets/celeryutils.py", line 35, in wrapped return fun(*args, **kw) File "multidb/pinning.py", line 46, in decorator return func(*args, **kw) File "multidb/pinning.py", line 46, in decorator return func(*args, **kw) File "django/db/transaction.py", line 223, in inner return func(*args, **kwargs) File "webpay/pay/tasks.py", line 261, in start_pay mnc=network.get('mnc') File "lib/solitude/api.py", line 303, in start_transaction provider_seller_uuid=provider_seller_uuid) File "lib/solitude/api.py", line 339, in create_product provider_seller_uuid=provider_seller_uuid))
Assignee: nobody → kumar.mcmillan
Priority: -- → P1
Target Milestone: --- → 2014-09-16
Summary: Unicode characters in product_name breaking logging → Unicode characters in product_name breaking logging (and all payments for non-ascii products)
Fixed: https://github.com/mozilla/webpay/pull/556 Also tagged for Tuesday's release: https://github.com/mozilla/webpay/compare/2014.09.02...2014.09.16
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
See bug 1066359 for STR
Whiteboard: [qa+]
I am still able to reproduce the issue for the in-app product named <script>alert(‘Problem1')</script> @ https://marketplace.allizom.org/developers/app/fxpay/in-app-payments/in-app-products/
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
When I add a product named with an XSS (<script>alert(‘Problem1')</script>) here: https://marketplace.allizom.org/developers/app/in-app-payments-test/in-app-payments/in-app-products/ That product is not shown in the list when opening the app.
it could be a temporary caching issue. Did you try quitting and re-opening the app? I was able to add a product by that same name and see it show up http://payments-alt.allizom.org/
products are intentionally cached to manage API server load. Try quitting/reopening the app. If that doesn't work, re-open.
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attached image Screenshot.png
I will reopen this bug, because when I added a in-app product named "<script>alert(‘Problem1')</script>" the product is not appearing in the app and also is blocking other products to show. I am getting "Error: call to eval() blocked by CSP" See screenshot.
the eval() error is always present whenever jquery runs. It is probably not related. I will take another look at this issue.
What you are describing sounds like a bug in your tester app, not in fxpay itself. If you look at the fxpay example app, HTML would need to be escaped like this to show an app with HTML in its name: https://github.com/mozilla/fxpay/blob/master/example/js/index.js#L60 I can verify that an app by the name <script>alert(‘Problem1')</script> can be listed correctly in the fxpay example app and the purchase be started. Does this help you locate the issue in your tester app?
Thanks for looking into this. I have modified my tester app and it works now! Thanks, works fine. :)
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: