NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.

You are here: Foswiki>Tasks Web>Item386 (22 Feb 2009, KennethLavrsen)

Item386: Form.pm calls javascript function launchWindow

Priority:	CurrentState:	AppliesTo:	Component:	WaitingFor:
Urgent	Closed	Engine

A lib file should not assume javascript. Especially because this is inserted in default skin that does not load any javascript .Line 280 in Form.pm

Agreed; and because of the potential for a XSS exploit by this route, I'm confirming it and raising it to Urgent.

The obvious solution is to template the function.

CrawfordCurrie - 04 Dec 2008

The correct way is to use unobtrusive javascript, as with BehaviourContrib or JQuery.

ArthurClemens - 04 Dec 2008

Looking at it I couldn't see the point of having the function call at all. The target attribute should suffice for that application.

-- CrawfordCurrie - 11 Dec 2008

Except when we want to conform to strict XHTML.

-- ArthurClemens - 11 Dec 2008

Ho ho ho that's a good one!

-- CrawfordCurrie - 11 Dec 2008

ItemTemplate edit

Summary	Form.pm calls javascript function launchWindow
ReportedBy	Foswiki:Main.ArthurClemens
Codebase
SVN Range	SVN 1155: Foswiki-0.9.0, Tue, 02 Dec 2008, build 1127
AppliesTo	Engine
Component
Priority	Urgent
CurrentState	Closed
WaitingFor
Checkins	Foswikirev:1258 Foswikirev:1261 Foswikirev:1319
TargetRelease	patch
ReleasedIn	1.0.0

Topic revision: r11 - 22 Feb 2009, KennethLavrsen

Tasks

Submit and Query

Create Task

Developer Tasks

Non Developer Tasks

Developer Tools

Tools

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement.