Page MenuHomePhabricator
Create Task
Maniphest T85507

Fix incorrect deserialization of HTML in MoodBar
Closed, ResolvedPublic
Actions

Description

This is related to jQuery 1.9's change in how HTML is recognized by the $() function.

The locations are:

  • Apparent arbitrary HTML (probably XSS-safe, but not necessarily starting with <), from the API used in ext.moodBar.dashboard.js (245): Should use parseHTML
  • moodbar.tpl.type on 256 of ext.moodbar.core.js (line continuation), similar ones elsewhere in file (moodbar.tpl/mb.tpl in general). Strings in tpl start with newlines and space rather than <.

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/MoodBarmaster+48 -61Update HTML deserialization for jQuery 1.9+ requirements
Customize query in gerrit

Related Objects
Search...

Event Timeline

Mattflaschen-WMF created this task.Dec 30 2014, 4:18 AM
Mattflaschen-WMF raised the priority of this task from to High.
Mattflaschen-WMF updated the task description. (Show Details)
Mattflaschen-WMF added projects: Collaboration-Team-Triage, MediaWiki-extensions-MoodBar.
Mattflaschen-WMF added subscribers: Aklapper, Unknown Object (MLST), greg and 6 others.
Mattflaschen-WMF updated the task description. (Show Details)Dec 30 2014, 4:21 AM
Mattflaschen-WMF set Security to None.
Mattflaschen-WMF mentioned this in T85022: Audit deployed Collaboration team extensions for jQuery 1.11 upgrade issues.Dec 30 2014, 5:03 AM
Krinkle removed a subscriber: Unknown Object (MLST).Dec 30 2014, 5:27 AM
Krinkle removed a subscriber: Krinkle.Jan 17 2015, 1:38 AM
Mattflaschen-WMF claimed this task.Jan 29 2015, 11:51 PM
Mattflaschen-WMF edited projects, added Collaboration-Team-Sprint-P-2015-02-11/q3; removed Collaboration-Team-Triage.
gerritbot added a project: Patch-For-Review.Jan 31 2015, 1:57 AM
gerritbot added a subscriber: gerritbot.

Change 187859 had a related patch set uploaded (by Mattflaschen):
Update HTML deserialization for jQuery 1.9 requirements

https://gerrit.wikimedia.org/r/187859

Patch-For-Review

Mattflaschen-WMF moved this task from Sprint P - ends Feb 11 to Code Review on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.Jan 31 2015, 1:59 AM
Nemo_bis removed a subscriber: Nemo_bis.Feb 1 2015, 3:37 PM
matthiasmullie moved this task from Code Review to Product Review on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.Feb 2 2015, 11:26 PM
gerritbot added a comment.Feb 2 2015, 11:26 PM

Change 187859 merged by jenkins-bot:
Update HTML deserialization for jQuery 1.9 requirements

https://gerrit.wikimedia.org/r/187859

Mattflaschen-WMF mentioned this in rEMOOc7ef8672b7f8: Update HTML deserialization for jQuery 1.9+ requirements.Feb 3 2015, 9:36 PM
DannyH closed this task as Resolved.Feb 3 2015, 11:57 PM
DannyH moved this task from Product Review to Done on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.
DannyH added a subscriber: DannyH.
Diffusion mentioned this in rMEXTc4201a02e0a7: Updated mediawiki/extensions Project: mediawiki/extensions/MoodBar….Mar 11 2015, 6:25 AM
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL