Javascript Quote Escaping Problems
Whenever I try to load up my lifestream, it doesn't get very far. My Javascript gets caught up in an error due to an escaping quotes problem. Here is the line of code:
ident = JSON.parse('{"name" : "Type Lauren Herndon's Full Name Here", "identity": 188}');
You see the single quote is ending the parameter to the parse() function early. If it is a problem here, I am sure it is a problem in several places. Whenever you receive data from your database, you should escape things so that it will not interfere with your client-side code.
I'd be willing to bet that if anyone put a single quote when they try to name someone, the next time that person's name comes back up in the LifeStream a Javascript error will be thrown.
An error like this keeps a person completely locked out of there LifeStream.
Keep up the good work! I am enjoying SocialThing!. I am finding things I didn't usually see before.
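The failure described in this post, next to one way of escaping server-side data for a single-quoted `JSON.parse('...')` literal, as an added example that is not part of the original thread or SocialThing's code. The names `emitNaive`, `emitSafe` and `run`, and the second sample record, are hypothetical.

```javascript
// Added example; emitNaive, emitSafe and run are hypothetical names.

// What the page was doing: JSON pasted into a single-quoted JS literal.
function emitNaive(obj) {
  return "JSON.parse('" + JSON.stringify(obj) + "')";
}

// Characters that can end the literal, change its value, or close the
// enclosing <script> block, mapped to JS string escapes.
const ESCAPES = {
  "\\": "\\\\", "'": "\\'", "<": "\\u003C", ">": "\\u003E", "&": "\\u0026",
  "\u2028": "\\u2028", "\u2029": "\\u2029",
};

// Single-pass replacement, so nothing is escaped twice.
function emitSafe(obj) {
  const json = JSON.stringify(obj)
    .replace(/[\\'<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
  return "JSON.parse('" + json + "')";
}

// Stand-in for the browser executing the generated line.
function run(src) {
  try {
    return { ok: true, value: new Function("return " + src + ";")() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Record from the post, plus a constructed one with more awkward characters.
const ident = { name: "Type Lauren Herndon's Full Name Here", identity: 188 };
const tricky = { name: "O'Brien \\ \"x\" </script>\u2028", identity: 1 };

console.log(run(emitNaive(ident)));       // the unescaped apostrophe breaks parsing
console.log(run(emitSafe(ident)).value);  // round-trips to the original record
console.log(emitSafe(tricky));            // generated source for the constructed record
```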
-
their* was misspelled somewhere in there...
My username is 'chad' for any debugging purposes...
-
Thanks Chad, this problem has been noted and we'll look into it.
-
What browser were you using Chad? Just curious.
-
Firefox 2.0.0.11
-
This issue has been fixed, single quotes are now properly being escaped in the javascript! Thanks for reporting the problem!
The company and 1 other person say this solves the problem
-
Awesome. Thanks for the quick response.
I am still getting a javascript error. It may be related, it may not be. Starts with:
my_identities = JSON.parse('.....
It is towards the bottom of the generated HTML. I was trying some more XSS'ish things just to bring up possible vulnerabilities. If Joel wants to just email me about specifics, he is more than welcome to. hutchins dot chad at gmail dot com.
thanks again
-
Thank you for the further input, we're addressing the issue!
-
I am up and running again! Thanks so much. Keep up the good work!