[ https://issues.apache.org/jira/browse/OFBIZ-12356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12356:
------------------------------------
    Component/s: GitHub

> Try to reduce "Incomplete string escaping or encoding branch" issues reported by CodeQL
> ---------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-12356
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12356
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: GitHub, themes
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> At
> https://github.com/apache/ofbiz-framework/security/code-scanning?query=is%3AIncomplete+string+escaping+or+encoding+branch%3Atrunk+severity%3Ahigh
> GH CodeQL reports 556 "Incomplete string escaping or encoding branch" issues
> (there are 588 issues in all).
> Most of them are in jQuery-UI but not only:
> {quote}
> Incomplete string escaping or encoding
> (Library)
> themes/common-theme/webapp/common/js/jquery/ui/jquery-ui-1.12.1.js:17591 •
> {quote}
> Some are reported inside jQuery itself:
> {quote}
> Incomplete string escaping or encoding
> themes/common-theme/webapp/common/js/jquery/plugins/jsTree/jquery.jstree.js:2961 •
> {quote}
> So this is only an attempt to clarify among the 23 pages(!) reported by
> upgrading jQuery-UI to 1.13.0.
> While working on this I crossed an issue related to element.form() that is now
> [element._form() in jQuery-UI 1.13.0|https://jqueryui.com/changelog/1.13.0/#ui-core].
> I think it appears only in OfbizUtil.js because it's loaded after jQuery-UI.
> I also tried to load jQuery-UI with npmInstall but unfortunately
> https://jqueryui.com/upgrade-guide/1.12/#official-package-on-npm (i.e.
> jquery-ui.js & jquery-ui-min.js)

--
This message was sent by Atlassian Jira
(v8.3.4#803005)