Closed
Bug 490232
Opened 17 years ago
Closed 17 years ago
L10n isn't escaped in .js files
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P1)
addons.mozilla.org Graveyard
Public Pages
Tracking
(Not tracked)
VERIFIED
FIXED
5.0.5
People
(Reporter: clouserw, Assigned: jbalogh)
Details
Attachments
(1 file, 2 obsolete files)
|
4.10 KB,
patch
|
clouserw
:
review+
|
Details | Diff | Splinter Review |
1) Load https://addons.mozilla.org/it/firefox/addon/4988
2) Note the JS error. It's because the locale uses single quotes in their string and this isn't being escaped.
|
Reporter | |
Comment 1•17 years ago
|
||
I'd like to get this in for 5.0.5
Severity: normal → critical
Priority: -- → P1
|
|
Reporter | |
Comment 2•17 years ago
|
||
Assignee: nobody → clouserw
Attachment #374685 -
Flags: review?(jbalogh)
|
Assignee | |
Comment 3•17 years ago
|
||
Comment on attachment 374685 [details] [diff] [review]
escape values
var addOnNotAvailableForPlatform = "";
_sanitizeArray escapes the param in place and doesn't return the escaped value, so everything comes out blank.
Attachment #374685 -
Flags: review?(jbalogh) → review-
|
|
Assignee | |
Comment 4•17 years ago
|
||
This one is closer, but not quite there because it breaks sprintf:
var addOnNotAvailableForPlatform = "%1$s is not available for %2$s.";
Attachment #374685 -
Attachment is obsolete: true
Attachment #374687 -
Flags: review?(clouserw)
|
|
Assignee | |
Comment 5•17 years ago
|
||
And it breaks inserting HTML:
var app_compat_update_firefox = "<a href="http://getfirefox.com">Upgrade Firefox</a> to use this add-on";
It seems the _sanitizeArray hammer is not quite right in this case.
|
|
Reporter | |
Updated•17 years ago
|
Assignee: clouserw → jbalogh
|
||
Comment 6•17 years ago
|
||
Yeah sanitizeArray is not a good idea for JS, it's HTML-escaping stuff. Just use addslashes.
|
|
Assignee | |
Comment 7•17 years ago
|
||
It's different from the one I showed you, using backslashes instead of html entities because that doesn't play well with javascript.
Attachment #374687 -
Attachment is obsolete: true
Attachment #374813 -
Flags: review?(clouserw)
Attachment #374687 -
Flags: review?(clouserw)
|
|
Reporter | |
Updated•17 years ago
|
Attachment #374813 -
Flags: review?(clouserw) → review+
|
|
Assignee | |
Comment 8•17 years ago
|
||
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 9•17 years ago
|
||
Verified FIXED:
Loading https://addons.mozilla.org/it/firefox/addon/4988, I get:
Error: missing ; before statement
Source File: https://addons.mozilla.org/it/firefox/pages/js_constants.js
Line: 30, Column: 25
Source Code:
var devcp_js_add_email = 'Inserire l'indirizzo e-mail dell'autore da aggiungere.';
Loading https://preview.addons.mozilla.org/it/firefox/addon/4988, however, I don't see any errors.
Status: RESOLVED → VERIFIED
|
||
Updated•10 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•