Escape product titles in MSRP JavaScript #2366

Merged
merged 6 commits into from
Aug 5, 2022

Conversation

discountscott

Description (*)

Product titles were not escaped before being output into the MSRP JavaScript Catalog.Map.addHelpLink function. If they contained a double quote, this would break the string that wraps the product title.

This now escapes the product title beforehand.

Related Pull Requests

Fixed Issues (if relevant)

Manual testing scenarios (*)

Questions or comments

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All automated tests passed successfully (all builds are green)
  • Add yourself to contributors list
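
The failure described in this pull request, shown as an added example that is not part of the PR or of OpenMage's code: a title written raw into a double-quoted JavaScript string, beside the same title emitted as an encoded string literal. The single-argument `Catalog.Map.addHelpLink` stub, the helper function names and the sample titles are assumptions made for illustration.

```javascript
// Added illustration, not OpenMage code. Each "render" function stands in
// for a template that writes a product title into an inline script.
// Assumption: addHelpLink is reduced to a single title argument.

// Before the fix: the title is pasted raw between double quotes.
function renderUnescaped(title) {
  return 'Catalog.Map.addHelpLink("' + title + '");';
}

// After: the title is emitted as a JavaScript string literal.
// JSON.stringify escapes quotes, backslashes and line breaks; "<" is
// written as \u003c so the literal is also safe inside a <script> element.
function renderEscaped(title) {
  const literal = JSON.stringify(String(title)).replace(/</g, '\\u003c');
  return 'Catalog.Map.addHelpLink(' + literal + ');';
}

// Run the rendered script against a stub Catalog.Map and return the title
// the call received, or null when the script does not even parse.
function titleSeenByScript(script) {
  let seen = null;
  const stub = { Map: { addHelpLink: (t) => { seen = t; } } };
  try {
    new Function('Catalog', script)(stub);
  } catch (err) {
    if (err instanceof SyntaxError) return null;
    throw err;
  }
  return seen;
}

// Constructed sample titles (not taken from any real catalog).
const SAMPLE_TITLES = ['Desk Lamp', '19" Monitor', 'Adapter A\\B'];

// Report, per title, whether each rendering round-trips the exact title.
function compareRenderings(titles) {
  return titles.map((title) => ({
    title,
    unescapedOk: titleSeenByScript(renderUnescaped(title)) === title,
    escapedOk: titleSeenByScript(renderEscaped(title)) === title,
  }));
}

console.table(compareRenderings(SAMPLE_TITLES));
```

The backslash title shows the quieter failure mode: the unescaped script still parses, but the title the function receives is no longer the stored one.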

@github-actions github-actions bot added Component: Catalog Relates to Mage_Catalog documentation Template : base Relates to base template labels Aug 4, 2022
@elidrissidev elidrissidev merged commit 7d1a740 into OpenMage:1.9.4.x Aug 5, 2022

github-actions bot commented Aug 5, 2022

Unit Test Results

1 files  ±0  1 suites  ±0   0s ⏱️ ±0s
0 tests ±0  0 ✔️ ±0  0 💤 ±0  0 ❌ ±0 
7 runs  ±0  5 ✔️ ±0  2 💤 ±0  0 ❌ ±0 

Results for commit 7d1a740. ± Comparison against base commit 18e68a2.

@discountscott discountscott deleted the msrp-escape-name-8422 branch August 5, 2022 12:05
sreichel added a commit that referenced this pull request Aug 12, 2022
* Merge PR #2342

* Revert "Add basic text for Ukraine (#2074)" (#2325)

This reverts commit 33dfa26.

* Mage_Catalog_Model_Product_Attribute_Backend_Groupprice_Abstract: avoid loading all websites when using only the current one (#2351)

* Added support for HTTP2 to Mage_HTTP_Client_Curl (#1137)

* Blocked access to all dot files (#2349)

* Capitalization Adjustment Regarding CamelCase in Method Names (#2365)

* refactor: Adjusted capitalization of two public methods.

* refactor: Adjusted capitalization of one protected method.

* refactor: Adjusted capitalization of where call.

* chore: Removed fixed error from phpstan baseline.

* Some microoptimization (#2335)

* Avoid duplicate method calls

* Replaced array_push()

* Changed substr() third parameter

* Use array_key_exists()

* php7 opcode - internal functions

* Enclosed error with <pre> tag for prettier error print (if developer mode is enabled). (#2368)

* Updated phpstan to 1.8.2 (#2367)

* Escape product titles in MSRP JavaScript (#2366)

* Product names were not escaped. If contained a double quote, would break the JavaScript for MSRP/MAP

* update contribution list

* Update boxes.css (#2330)

* Force describeTable() to use read DB adapter (#2371)

* Do not install n98/n98_layouthelper (#2373)

* Add apt update to XML validation workflow (#2376)

* Merged PR #2375

* Replace remaining "sizeof" calls with "count" (#2369)

* Remove DISCLAIMER and change Magento -> OpenMage in header (#2297)

* Added label for phpstan cosmetic changes (#2384)

* Added weight to salesOrderShipmentAddTrack API (#1377)

* PHPStan/DOCBlock fixes (#2336)

* Updated docs for email addTo() (#2382)

* Updated phpstan experimental (#2386)

* Cosmetic changes to Mage_Payment_Model_Method_Abstract::validate() (#2388)

* Replaced join() calls with implode() (#2389)

* Hidden empty sub menu from backend (#2391)

* Remove Thumbs.db file (#2394)

* Support PHP 8.1 in composer.json (#2378)

* php condition in composer.json

This solves the issue related to php versions > 8.1

* Reduced condition for PHP requirement

* Changed PHP requirement

* Updated version in Ubuntu 22.04 based on PHP 8.1.2

* Composer.lock updated in Ubuntu 20.04 (PHP 8.1.2)

* Update composer.lock

* Update composer.lock

* Blocked various file types in .htaccess (#2359)

* Color swatches work with disparate product IDs (#2390)

* Move Credit Memo at the end of the buttons list (#2392)

* Version bump (#2387)

* Minor fixes on 'filter_condition_callback' method _filterStoreCondition() (#2362)

* add ReturnTypeWillChange to various Files caught by code style checker #2302

* Phpstan fixes (#2396)

* Fixed addCrumb()

* Fixed initForm() and _needToAddDummy()

* Fixed addLink()

* Fixed addLinkRel()

* Fixed canUseCanonicalTag()

* Fixed getAddUrl...()

* Fixed rollBack() camelCase error reported by phpstan (#2403)

* Changes default root dir in composer.json (#2401)

* Fixed targetNamespace for WS-I Compliant SOAP APIs (#2405)

* Updated phpstan baseline

Co-authored-by: sv3n <[email protected]>
Co-authored-by: Fabian Blechschmidt <[email protected]>
Co-authored-by: Colin Mollenhour <[email protected]>
Co-authored-by: Kevin Jakob <[email protected]>
Co-authored-by: Ng Kiat Siong <[email protected]>
Co-authored-by: Scott Moore <[email protected]>
Co-authored-by: ADDISON <[email protected]>
Co-authored-by: Justin Beaty <[email protected]>
Co-authored-by: luigifab <[email protected]>
Co-authored-by: Daniel Fahlke <[email protected]>
Co-authored-by: leissbua <[email protected]>
4 participants