Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30489

Update atmosphere.js within RichFaces

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: HOTFIX_10.10, 2021.x
    • Component/s: Seam / JSF UI

      Description

      RIchFaces seems to include a file: atmosphere.js with this function

      parseJSON: function (data){ return !data ? null : window.JSON && window.JSON.parse ? window.JSON.parse(data) : new Function("return " + data)(); }

      The last part is unsafe and should be removed: that will break compatibility with prehistoric browsers, but avoid to raise alerts by some automatic scanning tool

      Proposed fix

      parseJSON: function (data){ return !data ? null : window.JSON && window.JSON.parse ? window.JSON.parse(data) : alert('Please update your browser'); }

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rcattiau Rémi Cattiau
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: