Homestyx hydra
Diffusion hydra e8dd67b88c13

Properly escape inline <script>
e8dd67b88c13
Actions

Description

Properly escape inline <script>

Test Plan:
Loaded Phabricator page, checked the source code. Also:

$c_uri = '//connect.facebook.net/en_US/all.js#xfbml=1&appId=';
echo CelerityStaticResourceResponse::renderInlineScript(
  jsprintf(
    'console.log(%s); // </script>
    %s',
    $c_uri,
    "</script><b>x</b>"));

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5741

Details

Provenance
Jakub VranaAuthored on Apr 20 2013, 8:55 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:b216dc9c2c43: Document where Arcanist configuration can be set
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (3)

PathSize
src/
applications/
phame/
view/
infrastructure/
celerity/
view/
page/

R1:e8dd67b88c13

View Options

src/applications/phame/view/PhamePostView.php

Loading...
View Options

src/infrastructure/celerity/CelerityStaticResourceResponse.php

Loading...
View Options

src/view/page/PhabricatorBarePageView.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)