Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-151

Scripts contributed on Web UI ES module bundles not being loaded

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.0.2, 3.1.0
    • Component/s: UI
    • Tags:
    • Team:
      UI
    • Sprint:
      UI - 2021-01

      Description

      Script tags being contributed on Web UI bundles loaded as ES modules are not executed. This happens because the HTML is loaded as a string and then inserted to the innerHTML of a template. However, according to the docs:

      Although this may look like a cross-site scripting attack, the result is harmless. HTML5 specifies that a <script> tag inserted with innerHTML should not execute.

      We should look for alternatives to fix this. For example, the HTML imports polyfill clones every script and appends it again to the header to make them run (see code).

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.