Closed
Bug 965852
Opened 12 years ago
Closed 12 years ago
Standardize on single quotes in slave health
Categories
(Release Engineering :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: coop, Assigned: coop)
References
Details
(Whiteboard: [slavehealth])
From https://bugzilla.mozilla.org/show_bug.cgi?id=956414#c10 :
The encoder appears to do something funky when encountering single quotes.
https://secure.pub.build.mozilla.org/builddata/reports/slave_health/slave.html?class=%27abcd&name=%27efgh&type=%27ijkl
The resulting source contains the following elements
<a href="./slavetype.html?class=" abcd&type="ijkl">'ijkl</a></div>
<div id="bugicon"><span id="" efgh'="">
vs without single quote
<a href="./slavetype.html?class=abcd&type=ijkl">ijkl</a>
<span id="efgh">
Note how abcd and efgh turn into attributes. It appears that HTML entities such as ", >, <, and = are encoded properly. This prevents something similar to
class == 'onmouseover=alert(1)
from working in both cases.
I believe changing all the HTML string generation in the JS to use double-quotes instead of single quotes for values /should/ fix it. However I'm unfamiliar with this particular jQuery library.
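The quoting behaviour described above, as an added example that is not part of the original report or the slave health code: an encoder that leaves single quotes alone is paired with single-quoted and double-quoted attribute generation, then with a hardened encoder. All function names and the simplified attribute parser are assumptions made for illustration; the encoder is modelled only on what the report says is and is not encoded.

```javascript
// Added illustration; every function name here is hypothetical.

// Encoder with the reported behaviour: &, <, >, " and = are encoded,
// but a single quote passes through unchanged.
function encodeNoApos(s) {
  return String(s)
    .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;").replace(/=/g, "&#61;");
}

// Hardened encoder: additionally encodes the single quote, so the output is
// safe inside either kind of attribute delimiter.
function encodeAttr(s) {
  return encodeNoApos(s).replace(/'/g, "&#39;");
}

// String-built markup, as in the report: the same tag with each delimiter.
function spanSingleQuoted(name, enc) { return "<span id='" + enc(name) + "'>"; }
function spanDoubleQuoted(name, enc) { return '<span id="' + enc(name) + '">'; }

// Minimal stand-in for the HTML tokenizer: the id value ends at the first
// occurrence of its opening quote character; whatever follows inside the tag
// is parsed by a browser as further attributes.
function parseId(tag) {
  const m = /^<span id=(["'])/.exec(tag);
  if (!m) throw new Error("unexpected markup: " + tag);
  const start = m[0].length;
  const end = tag.indexOf(m[1], start);
  return { id: tag.slice(start, end), leftover: tag.slice(end + 1, -1).trim() };
}

// Constructed input: the name parameter from the URL in the report ('efgh).
const sampleName = "'efgh";
const results = {
  singleWeak: parseId(spanSingleQuoted(sampleName, encodeNoApos)),
  doubleWeak: parseId(spanDoubleQuoted(sampleName, encodeNoApos)),
  singleHardened: parseId(spanSingleQuoted(sampleName, encodeAttr)),
};
for (const [label, r] of Object.entries(results)) {
  console.log(label, JSON.stringify(r));
}
```

The singleWeak case yields an empty id with efgh' left over as a stray attribute, matching the markup quoted in the report; the other two keep the whole value inside id.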
Comment 1 (Assignee) • 12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Component: Tools → General