[Bug 23755] New: ts_parseFloat() in wikibits.js leaks num into global scope

bugzilla-daemon Tue, 01 Jun 2010 15:04:07 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=23755


           Summary: ts_parseFloat() in wikibits.js leaks num into global
                    scope
           Product: MediaWiki
           Version: 1.16
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: Normal
         Component: Javascript
        AssignedTo: d...@ucsc.edu
        ReportedBy: i...@skierpage.com
                CC: tpars...@wikimedia.org


I was trying to puzzle out table-sorting on Wikipedia using Firebug, and I
noticed that ts_parseFloat() in wikibits.js assigns a value to num:

 num = parseFloat( s.replace(/[, ]/g, '').replace("\u2212", '-') );

Because there's no var or let, this adds num to the global scope -- before this
line is reached, this.num is undefined, afterwards this.num has a value for all
JavaScript.  A fix might be to use the existing local var newNum instead of num
here.

I'm no JavaScript wizard, so I apologize if this is intentional.
There are several other variables that were probably intended to be local that
get added to this. scope according to Firebug (this.i, etc.)

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 23755] New: ts_parseFloat() in wikibits.js leaks num into global scope

Reply via email to