deface
A JavaScript error is reported on all overridden pages containing JavaScript with characters (>, &, <)
Hello
A JavaScript error is reported on all overridden pages containing JavaScript with characters (>, &, <).
Example
We have identified the cause that breaks the javascript code (which is encoded).
The cause is the following:
The view source or partial is of type Nokogiri::HTML::DocumentFragment, which encodes characters when the method to_s is called in (module Applicator / method apply_overrides) line 52 (source = doc.to_s).
Since we trust view files and partials,
by replacing this line:
source = doc.to_s
with this one:
source = doc.to_s.gsub('&lt;', '<').gsub('&gt;', '>').gsub('&amp;', '&')
the problem no longer exists.
A PR was carried out on the subject https://github.com/spree/deface/pull/229
Thank you for considering this update.
Hello @mathieu-mbru I managed to reproduce the issue. Here is a failing test. Please feel free to include it in your patch:
describe "source containing a javascript tag" do
  before { Deface::Override.new(:virtual_path => "posts/index",
                                :name => "Posts#index",
                                :remove => "p") }
  let(:source) { "<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>" }
  it "should return unmodified source" do
    expect(Dummy.apply(source, { :virtual_path => "posts/index" })).to eq("<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>")
  end
end
expected: "<%= javascript_tag do %>if (y > 0) {y = 0;}<% end %>"
got: "<%= javascript_tag do %>if (y &gt; 0) {y = 0;}<% end %>"
Ok, thank you
very good. related to #224
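An added example (not Deface's code and not the patch in the PR) comparing the document-wide replacement from the issue with a decode limited to script regions, to show that the document-wide form also decodes entities a template author escaped on purpose in ordinary markup. `SERIALIZED`, `SCRIPT_REGIONS` and both method names are constructed for this illustration, and it assumes script content appears only in `javascript_tag` blocks and `<script>` elements.

```ruby
# Stdlib only. SERIALIZED is a constructed sample of serialized template
# source, written by hand for this example (it is not real Deface output).
SERIALIZED = <<~ERB
  <p>Write &lt;b&gt; for bold, and use &amp;amp; for an ampersand.</p>
  <%= javascript_tag do %>if (y &gt; 0 &amp;&amp; y &lt; 9) {y = 0;}<% end %>
ERB

ENTITIES = { '&lt;' => '<', '&gt;' => '>', '&amp;' => '&' }.freeze

# The replacement proposed in the issue: decode the three entities in the
# whole serialized document, markup text included.
def unescape_everywhere(source)
  source.gsub('&lt;', '<').gsub('&gt;', '>').gsub('&amp;', '&')
end

# Hypothetical scoped variant: decode only inside javascript_tag blocks and
# <script> elements, where the serializer's escaping breaks the JavaScript.
SCRIPT_REGIONS = %r{
  (<%=\s*javascript_tag\b.*?%>)(.*?)(<%\s*end\s*%>) |
  (<script\b[^>]*>)(.*?)(</script>)
}mix

def unescape_script_regions(source)
  source.gsub(SCRIPT_REGIONS) do
    # Copy the captures to locals before the inner gsub overwrites $~.
    open_tag, body, close_tag = $1 ? [$1, $2, $3] : [$4, $5, $6]
    # Single pass with a hash, so "&amp;lt;" is decoded once, not twice.
    open_tag + body.gsub(/&(?:lt|gt|amp);/, ENTITIES) + close_tag
  end
end

if __FILE__ == $PROGRAM_NAME
  puts '--- decoded everywhere ---'
  puts unescape_everywhere(SERIALIZED)
  puts '--- decoded in script regions only ---'
  puts unescape_script_regions(SERIALIZED)
end
```

With the document-wide form the first line's `&lt;b&gt;` becomes a live `<b>` tag, so text that was meant to be displayed is parsed as markup; the scoped form repairs the JavaScript and leaves that line untouched.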