Commit 27a6767a authored by Leigh Stoller's avatar Leigh Stoller

Some quick fixes for how we encode the extension text into JSON; there was

an interaction between htmlentities and json_encode. I got rid of the
former and added options to json_encode, but that is not safe, so need to
make sure we use jquery .text() and underscore template <%- when displaying
that text.
parent 30afbb02
......@@ -120,7 +120,7 @@ if (count($extensions)) {
$foo[$extension->idx()] = $extension->info;
}
echo "<script type='text/plain' id='extensions-json'>\n";
echo json_encode($foo);
echo json_encode($foo, JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_TAG);
echo "</script>\n";
}
SPITFOOTER();
......
......@@ -836,8 +836,8 @@ class ExtensionInfo
return;
}
$this->info = mysql_fetch_assoc($query_result);
$this->info["reason"] = trim(CleanString($this->info["reason"]));
$this->info["message"] = trim(CleanString($this->info["message"]));
$this->info["reason"] = trim($this->info["reason"]);
$this->info["message"] = trim($this->info["message"]);
}
# accessors
function field($name) {
......
......@@ -282,12 +282,9 @@ if (count($extensions)) {
$foo[$extension->idx()] = $extension->info;
}
echo "<script type='text/plain' id='extensions-json'>\n";
echo json_encode($foo);
echo json_encode($foo, JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_TAG);
echo "</script>\n";
}
if ($extension_history != "") {
echo "<pre class='hidden' id='extension_history'>$extension_history</pre>\n";
}
if ($extension_denied_reason != "") {
echo "<pre class='hidden' id='extension_denied_reason'>$extension_denied_reason</pre>\n";
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment