Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
srcdoc in iframe not escaped correctly
See original GitHub issueDescribe the bug
Content in srcdoc attribute of iframe needs additional escaping of & character. HTML spec.
For example < needs to be escaped to &lt;
This shows when trying to display HTML escaped content inside <pre>
Report has iframe with content unescaped. When I open the attachment HTML file directly, it is escaped.
To Reproduce Steps to reproduce the behavior:
- Add HTML attachment with
<pre><h1>should be escapedd</h1></pre>
Expected behavior Escaped HTML tags remain escaped inside iframe in report
Attachments JSFiddle with current behavior link JSFiddle with expected behavior link
Issue Analytics
- State:
- Created 3 years ago
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I think that this also applies to escaping
"inEmbedding.decodeData(string). It shouldn’t be converted to'but to". Citing the specAnd remember to escape ampersands before quotation marks, to ensure quotation marks become " and not &quot;.So if I understand this correctly fix would be in Embedding.java
decodedData.replaceAll("&", "&").replaceAll("\"", """);I don’t quite follow your question. I am not an expert in software security.