[NXP-10034] Paging broken in opensocial widgets by document with null fields - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.5.0-HF12, 5.6
Fix Version/s: 5.4.2-HF31, 5.5.0-HF17, 5.6.0-HF06, 5.7.1
Component/s: Dashboard / OpenSocial (deprecated)

Description

This new bug was introduced by ~~NXP-9765~~. a few calls to escapeString were added, but no check to ensure the field is really a string is done. The result is that null values on a document properties generates a javascript exception and stops the loading of the gadget in the gadgets.util.escapeString() calls.

I'd expect some type casting if escapeString is to be used like follows, which would provide the same behaviour as before:

html += gadgets.util.escapeString(String(dashBoardItem.title));

See faulty commit:
https://github.com/nuxeo/nuxeo-opensocial/commit/38f634f4a617e8cecaff267bd93155db08452861#nuxeo-opensocial-gadgets/src/main/resources/web/nuxeo.war/scripts/opensocial/gadgets/default-documentlist-display.js

Attachments

Issue Links

depends on

NXP-9765 Prevent XSS in gadgets

Resolved

Activity

People

Assignee:

Thierry Martins

Reporter:

Société Transports Montréal

Participants:

Jenkins, Société Transports Montréal, Thierry Martins

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2012-09-06 19:00

Updated:

2015-11-24 17:52

Resolved:

2012-11-30 16:00