Project

General

Profile

Actions
Copy link

Bug #95579

closed

Properly encode JSON when forwarding to RequireJS

Added by Oliver Hader about 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend JavaScript
Target version:
-
Start date:
2021-10-12
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When forwarding configuration as JSON encoded data when loading RequireJS modules in form engine, escape sequences need to be handled explicitly. It is not possible to break the serialization by injection techniques, however client-side parsing might fail.

The problem has been discovered, when PHP class names (\Vendor\Package\Name) lead to client-side JSON parsing errors, e.g. JSON.parse('"\\Vendor\\Package\\Name"');.

Actions
Copy link
 #1

Updated by Oliver Hader about 3 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Gerrit Code Review about 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/71554

Actions
Copy link
 #3

Updated by Oliver Hader about 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #4

Updated by Benni Mack about 2 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF