Author: mbrohl
Date: Sat Dec 8 08:58:52 2018 New Revision: 1848442 URL: http://svn.apache.org/viewvc?rev=1848442&view=rev Log: Applied fix from trunk for revision: 1848441 === Fixed: UI bug in scrum component (OFBIZ-10676) When editing product backlog items, inserted javascript code was executed on the client side. The confirmational blinking of the newly added or changed value was implemented using the .html(value) function of jQuery. This causes the html to be interpreted and the script to be executed. But the data is stored, converting it into html, so not considered to be a vulnerability. The fix changes the call to .text. This prevents the html to be interpreted. Thanks Benjamin Jugl for providing the patch. Modified: ofbiz/ofbiz-framework/branches/release17.12/ (props changed) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js Propchange: ofbiz/ofbiz-framework/branches/release17.12/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Sat Dec 8 08:58:52 2018 
@@ -10,4 +10,4 @@ /ofbiz/branches/json-integration-refactoring:1634077-1635900 /ofbiz/branches/multitenant20100310:921280-927264 /ofbiz/branches/release13.07:1547657 -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,1847890,1848263, 1848336,1848386,1848398 
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,1847890,1848263, 1848336,1848386,1848398,1848441
Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js?rev=1848442&r1=1848441&r2=1848442&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js Sat Dec 8 08:58:52 2018
@@ -858,7 +858,7 @@ function ajaxInPlaceEditDisplayField(ele
 data : settings.submitdata,
 success : function(data) {
 // adding the new value to the field and make the modified field 'blink' a little bit to show the user that somethink have changed
- jElement.html(value).fadeOut(500).fadeIn(500).fadeOut(500).fadeIn(500).css('background-color', 'transparent');
+ jElement.text(value).fadeOut(500).fadeIn(500).fadeOut(500).fadeIn(500).css('background-color', 'transparent');
 }
 });
 }, options);
|
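Review bot: The `success` callback never reads `data`, so the field is repainted with the locally submitted `value` whether or not the server accepted or normalised it; with `.text()` that is now safe to render, but it can still differ from what was stored. Nothing on the changed line records why `.text()` is required, so a later cleanup could switch it back; a comment such as `// .text(), not .html(): value is user-typed and must never be parsed as markup` above the call would pin the intent. The commit log calls this a UI bug, but writing typed input through `.html()` is the usual DOM-based XSS sink, so any other `.html(` call in this file that receives an edited value deserves the same check. `ajaxInPlaceEditDisplayField` starts and ends outside the hunk, so whether it has further sinks cannot be seen from here.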