Summary: | "<input>" in string resulted in an input box on translation page | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Technology] Babel | Reporter: | Kit Lo <kitlo> | ||||||
Component: | Server | Assignee: | Babel server inbox <babel.server-inbox> | ||||||
Status: | RESOLVED FIXED | QA Contact: | |||||||
Severity: | normal | ||||||||
Priority: | P1 | CC: | gabe.obrien | ||||||
Version: | unspecified | ||||||||
Target Milestone: | --- | ||||||||
Hardware: | PC | ||||||||
OS: | Windows XP | ||||||||
URL: | /babel/index.php | ||||||||
Whiteboard: | |||||||||
Attachments: |
|
That is funny. We need a filter_html($raw_html) function of some sort with will process HTML-bound strings and filter special characters (> to > < to < etc...) I was just thinking about ajax security and cross site scripting issues in relation to the babel server code. So this bug is well timed. Now I can look over those other issues while fixing a known bug! *** Bug 220638 has been marked as a duplicate of this bug. *** I will fix this while I am working on bug #220625. Fixed in code and will be live with next roll out. Created attachment 91175 [details]
one problem left
Not sure if all fixes have been applied to the Staging Server. I saw that 2 of the input boxes were fixed. I still see an input box in the String Translation pane.
I fixed the issue with that 3rd input box and the patch is up on the staging server. Fixed > R_0_200802291325 |
Created attachment 90904 [details] screen capture "<input>" in string resulted in an input box on translation page. Problem string: org.eclipse.ant.ui/Ant Runner Support/org/eclipse/ant/internal/ui/antsupport/AntSupportMessages.properties Key: AntInputHandler_Unable_to_respond_to__input__request_4