Uploaded image for project: 'XWiki Commons'
  1. XWiki Commons
  2. XCOMMONS-3410

$jsontool and $escapetool should escape < to allow safe usage in <script> tags

    XMLWordPrintable

Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      Steps to reproduce:

      Create a page with the content

      {{velocity}}{{html}}
<script>$jsontool.serialize({
  'closeComment': '-->',
  'closeScript': '</script>',
  'openComment': '<!--',
  'openScript': '<script>'
});
'$escapetool.javascript('<!--')';
</script>
<h1>Success! ๐ŸŽ‰</h1>
{{/html}}{{/velocity}}

      Expected result:

      The text "Success! ๐ŸŽ‰" is displayed on the page, the XWiki UI is displayed regularly.

      Actual result:

      The text isn't displayed.ย The panels and the footer of the wiki are missing.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. XCOMMONS-3424 $jsontool and $escapetool does not escape < to allow safe usage in <script> tags on XWiki 16.10.11

          • Major - Major loss of function.
          • Closed

          Activity

            People

              MichaelHamann Michael Hamann
              MichaelHamann Michael Hamann
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: