This repository has been archived by the owner on Jul 11, 2022. It is now read-only.
js api: escape & and = in all string config values (#260) #269
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ampersands and equal signs in the static configuration break setups
completely, even where they are perfectly legal, like in urls.
Instead of trying to catch all properties which may be fed an url, apply
reduced escaping to all string values in the configuration.
This will not touch any dynamic settings where writing to the Flash
object on the html page is not involved, like
clip.update({url: "yadda?x=y"}) which is not an issue.
It is also not the same as the point blank url encoding which was tried
in 3.2.8 to detrimental effect, and therefore had to be backed out.
|
@anssip - already did a lot of testing. imho this is safe, more consistent (almost elegant). |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ampersands and equal signs in the static configuration break setups
completely, even where they are perfectly legal, like in urls.
Instead of trying to catch all properties which may be fed an url, apply
reduced escaping to all string values in the configuration.
This will not touch any dynamic settings where writing to the Flash
object on the html page is not involved, like
clip.update({url: "yadda?x=y"}) which is not an issue.
It is also not the same as the point blank url encoding which was tried
in 3.2.8 to detrimental effect, and therefore had to be backed out.