Closed Bug 588574 Opened 14 years ago Closed 14 years ago

Migrate Sheriff app templates from ERB to Mustache

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: kourge, Unassigned)

Details

Wilson Lee [:kourge]

Reporter

Description

•

14 years ago

The sheriff app currently has model logic littered all over the ERB templates. ERB output is raw, unescaped by default, in contrast with Mustache[1], where everything is escaped by default and logic is almost completely shifted to view classes.

The rewritten phonebook in incubation currently uses Mustache and has been tested against many malicious input.

[1] http://mustache.github.com/

Wilson Lee [:kourge]

Reporter

Comment 1

•

14 years ago

For now, XSS holes are being plugged individually. Removing |blocks bug 588565|.

No longer blocks: 588565

Michael Morgan [:morgamic]

Comment 2

•

14 years ago

reopen if it's still valid.

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → FIXED

BMO Automation

Updated

•

6 years ago

Product: mozilla.org → mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Migrate Sheriff app templates from ERB to Mustache

Categories

(mozilla.org Graveyard :: Webdev, task)

Tracking

(Not tracked)

People

(Reporter: kourge, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated