Task #102207: Escape dynamic values in selector queries - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Task #102207

closed

Escape dynamic values in selector queries

Added by Benjamin Franzke about 1 year ago. Updated 10 months ago.

Status:

Closed

Priority:

Should have

Assignee:

Benjamin Franzke

Category:

Backend JavaScript

Target version:

Candidate for patchlevel

Start date:

2023-10-19

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

Whenever dynamic data is passed to query selectors, it needs to be escaped.

Example for a wrong example:

const baz = readFromSomeDynamicData(),
const foo = document.querySelector('foo[bar="' + baz + '"]');

Better/Correct:

const baz = readFromSomeDynamicData(),
const foo = document.querySelector('foo[bar="' + CSS.escape(baz) + '"]');

Ideal/Desired would be to use a string literal for syntax sugar reasons:

const baz = readFromSomeDynamicData(),
const foo = document.querySelector(selector`foo[bar="${baz]"]`);

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Task #102207

Escape dynamic values in selector queries

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Gerrit Code Review about 1 year ago

Updated by Anonymous about 1 year ago

Updated by Benni Mack 10 months ago