OFBiz - OFBIZ-12356

Try to reduce "Incomplete string escaping or encoding branch" issues reported by CodeQL

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: Trunk
    • Fix Version/s: None
    • Component/s: GitHub, themes
    • Labels: None

    Description

      At https://github.com/apache/ofbiz-framework/security/code-scanning?query=is%3AIncomplete+string+escaping+or+encoding+branch%3Atrunk+severity%3Ahigh
      GH CodeQL reports 556 "Incomplete string escaping or encoding branch" issues (there are 588 issues in total).

      Most of them are in jQuery-UI, but not only there:

      Incomplete string escaping or encoding
      (Library) themes/common-theme/webapp/common/js/jquery/ui/jquery-ui-1.12.1.js:17591

      Some are reported inside jQuery itself:

      Incomplete string escaping or encoding
      themes/common-theme/webapp/common/js/jquery/plugins/jsTree/jquery.jstree.js:2961

      So this is only an attempt to clarify things among the 23 pages reported, by upgrading jQuery-UI to 1.13.0.

      While working on this I came across an issue related to element.form(), which is now element._form() in jQuery-UI 1.13.0. I think it appears only in OfbizUtil.js because it's loaded after jQuery-UI.

      I also tried to load jQuery-UI with npmInstall, but unfortunately https://jqueryui.com/upgrade-guide/1.12/#official-package-on-npm (i.e. jquery-ui.js & jquery-ui-min.js)
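      For readers unfamiliar with the CodeQL query named in the title: "Incomplete string escaping or encoding" flags calls such as `s.replace('"', '\\"')`, where `String.prototype.replace` is given a plain string (or a regex without the `g` flag) and therefore rewrites only the first match, leaving every later occurrence unescaped. The following is an added illustration written for this page; it is not code from OFBiz, jQuery or jQuery-UI, and the input strings are constructed for the example.

```javascript
// Added illustration of the CodeQL "Incomplete string escaping or encoding"
// pattern. Not OFBiz, jQuery or jQuery-UI code; inputs below are constructed.

// Defective form that CodeQL reports: a string pattern means "replace the
// FIRST occurrence only", so any second quote survives unescaped.
function escapeQuotesIncomplete(s) {
  return s.replace('"', '\\"');
}

// Corrected form: a global regular expression rewrites every occurrence.
function escapeQuotesComplete(s) {
  return s.replace(/"/g, '\\"');
}

// The same fix applied to a realistic two-step escaper for a double-quoted
// literal. Backslashes are escaped first so the backslashes introduced by the
// quote step are not themselves doubled afterwards.
function escapeForDoubleQuotedLiteral(s) {
  return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

// Checker used to demonstrate the difference: walks the string and reports
// whether any double quote is not preceded by an escaping backslash.
function hasUnescapedQuote(s) {
  let escaped = false;
  for (const ch of s) {
    if (escaped) {
      escaped = false; // this character is consumed by the preceding backslash
      continue;
    }
    if (ch === '\\') {
      escaped = true;
      continue;
    }
    if (ch === '"') {
      return true;
    }
  }
  return false;
}

// Stand-alone demonstration on a constructed input containing two quotes.
function demo() {
  const sample = 'a"b"c'; // constructed input
  return {
    incomplete: escapeQuotesIncomplete(sample),
    complete: escapeQuotesComplete(sample),
    incompleteStillUnsafe: hasUnescapedQuote(escapeQuotesIncomplete(sample)),
    completeSafe: !hasUnescapedQuote(escapeQuotesComplete(sample)),
  };
}

console.log(demo());
```

      The same reasoning applies to the jsTree and jQuery-UI hits listed above: the finding is about a non-global `replace`, so reviewing each one means checking whether the string being sanitised can legitimately contain more than one occurrence of the character, and, if so, switching to a `/…/g` pattern.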

    People

      Assignee: jleroux Jacques Le Roux
      Reporter: jleroux Jacques Le Roux