Opened 10 months ago
Closed 10 months ago
#1488567 closed Bugs (fixed)
Missing escape in larry theme
| Reported by: | lrobol | Owned by: | thomasb |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.8-stable |
| Component: | Client Scripts | Version: | 0.8-rc |
| Severity: | major | Keywords: | |
| Cc: |
Description
I've encountered this bug while using 0.8-rc. There is a missing escape in skins/larry/includes/footer.html at the line 6:
UI.set('errortitle', '<roundcube:label name="errortitle" />');
and while using italian translation the string errortitle contains the character ', breaking all the JS of Roundcube. Replacing ' with " works as a workaround.
Change History (2)
comment:1 Changed 10 months ago by thomasb
- Component changed from Translator to Client Scripts
- Milestone changed from later to 0.8-stable
- Severity changed from normal to major
comment:2 Changed 10 months ago by thomasb
- Resolution set to fixed
- Status changed from new to closed
Fixed in [fa8f6e610ce5].
Note: See
TracTickets for help on using
tickets.
That is indeed a major issue. <roundcube:label ...> should allow us to specify the output escaping (e.g. html, javascript).