[
https://issues.apache.org/jira/browse/WOOKIE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12801513#action_12801513
]
Scott Wilson commented on WOOKIE-64:
------------------------------------
The incorrect encoding above occurs when script is placed within attributes,
e.g onclick. In these cases characters are escaped in the script.
> Wookie rewrites HTML start file incorrectly when injecting JavaScript:
> incorrectly encodes inline scripts
> ---------------------------------------------------------------------------------------------------------
>
> Key: WOOKIE-64
> URL: https://issues.apache.org/jira/browse/WOOKIE-64
> Project: Wookie
> Issue Type: Bug
> Components: Server
> Reporter: Scott Wilson
> Priority: Blocker
> Fix For: 0.8.1
>
> Original Estimate: 2h
> Time Spent: 3h
> Remaining Estimate: 0h
>
> When a widget package is uploaded into Wookie, the start file is injected
> with Wookie javascripts using HTMLCleaner.
> However, where a widget start file already includes inline JavaScript, the
> output is entity encoded; e.g.:
> if( window.widget.preferences["test1"] == "pass1" &&
> Becomes:
> if( window.widget.preferences["test1"] ==
> "pass1" &&
> This breaks a lot of scripts.
> To test, use any of the test widgets at:
> http://dev.w3.org/2006/waf/widgets-api/test-suite/
> This is probably best tackled in conjunction with WOOKIE-42
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
