Closed
Bug 547504
Opened 15 years ago
Closed 15 years ago
Tags are being stripped from source code
Categories
(Websites Graveyard :: jetpackgallery.mozillalabs.com, defect)
Websites Graveyard
jetpackgallery.mozillalabs.com
Tracking
(Not tracked)
RESOLVED
WONTFIX
1.3
People
(Reporter: sephr, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.9 Safari/532.9
Build Identifier:
As the summary says, <style> tags are being stripped from source code of Jetpacks. The tags in the Jetpack at the URL are before the /*<![CDATA[*/ and after the /*]]>*/.
The syntax of Jetpacks shouldn't be modified by the Jetpack Gallery.
Reproducible: Always
|
Reporter | |
Comment 1•15 years ago
|
||
It also seems that many other HTML tags are being stripped.
Why the heck are you guys attempting to sanitize the script as if it was markup?
Summary: <style> tags are being stripped from source code → Tags are being stripped from source code
|
||
Comment 2•15 years ago
|
||
Just to check, this doesn't happen if you host it yourself and install from there?
|
||
Comment 3•15 years ago
|
||
We will be monitoring all these issues after the rebooted Jetpack code base is released in the first week of March to ensure their causes are not duplicated. Many of the bugs/issues with the prototype version of Jetpack will be made irrelevant given the structure of the new SDK.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
|
|
Reporter | |
Comment 4•15 years ago
|
||
(In reply to comment #2)
Nope.
(In reply to comment #3)
Please actually read what this bug is about before using your pre-made reply. This bug has nothing to do with Jetpack. It has to do with a problem of the Jetpack Gallery website. Can you change the status back?
|
|
Reporter | |
Comment 5•15 years ago
|
||
(In reply to comment #2)
By nope I mean it doesn't affect hosting it yourself. I just realized that that was mis-worded.
|
|
||
Comment 6•15 years ago
|
||
Reopening & moving to the right component. It might still be a wontfix - probably is, because as Daniel points out, it will become irrelevant, though surely there's some time before that happens.
Status: RESOLVED → UNCONFIRMED
Component: Jetpack → jetpackgallery.mozillalabs.com
Product: Mozilla Labs → Websites
QA Contact: jetpack → jetpackgallery-mozillalabs-com
Resolution: WONTFIX → ---
Target Milestone: -- → ---
|
|
||
Updated•15 years ago
|
Target Milestone: --- → 1.3
|
||
Comment 7•15 years ago
|
||
Here's a concrete example of this problem ("view source code" page doesn't display full code):
http://jetpackgallery.mozillalabs.com/jetpacks/129/code
The textarea displaying the code cuts it off only about 10 lines in, whereas the full code is almost 200 lines long. This is what the full code should look like:
http://jetpackgallery.mozillalabs.com/js/jetpacks/0/129.js
If I were a bad guy trying to slip something nasty into a jetpack, I'm pretty sure this is one of the techniques I'd use (adding <style> tags or other html code to the jetpack source) to try to trick users into installing the jetpack without seeing the full source code.
|
||
Comment 8•15 years ago
|
||
Closing as wont fix; shutting down Jetpack Gallery at the end of the month and redirecting all traffic to addons.mozilla.org.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•