[
https://issues.apache.org/jira/browse/OFBIZ-12356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-12356:
------------------------------------
Component/s: GitHub
> Try to reduce "Incomplete string escaping or encoding branch" issues reported
> by CodeQL
> ---------------------------------------------------------------------------------------
>
> Key: OFBIZ-12356
> URL: https://issues.apache.org/jira/browse/OFBIZ-12356
> Project: OFBiz
> Issue Type: Improvement
> Components: GitHub, themes
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Branch
>
>
> At
> https://github.com/apache/ofbiz-framework/security/code-scanning?query=is%3AIncomplete+string+escaping+or+encoding+branch%3Atrunk+severity%3Ahigh
> GH CodeQL reports 556 "Incomplete string escaping or encoding branch" issues
> (there are 588 issues at all).
> Most of them are in jQuery-UI but not only:
> {quote}
> Incomplete string escaping or encoding
> (Library)
> themes/common-theme/webapp/common/js/jquery/ui/jquery-ui-1.12.1.js:17591 •
> {quote}
> Some are reported inside jQuery itself:
> {quote}
> Incomplete string escaping or encoding
> themes/common-theme/webapp/common/js/jquery/plugins/jsTree/jquery.jstree.js:2961
> •
> {quote}
> So this only an attempt to clarify among the 23 pages(!) reported by
> upgrading jQuery-UI to 1.13.0.
> While working on this I crossed an issue related to element.form() that is
> now [element._form() in jQuery-UI
> 1.13.0|https://jqueryui.com/changelog/1.13.0/#ui-core]. I think it appears
> only in OfbizUtil.js because it's loaded after jQuery-UI.
> I also tried to load jQuery-UI with npmInstall but unfortunately
> https://jqueryui.com/upgrade-guide/1.12/#official-package-on-npm (ie
> jquery-ui.js & jquery-ui-min.js)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
