Details
- Type: Story
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 4.2.0-b1
- Component/s: Staff Interface
- Labels: None
Description
Wherever nvd3 is used (I think in the System Overview and Billing Overview plugins), we build data via JSON and pass it to the graph. Where we pass a name for a graph element we HTML-encode it (via Html::_), which prevents it from being displayed correctly, particularly when it contains UTF-8 characters.
Instead, we should consider displaying the UTF-8 characters as-is, but we must avoid XSS. For inserting data into JSON, consider passing the unencoded text through PHP's addslashes to escape quotes and backslashes required by JSON. Test to confirm no issues with XSS for Unicode and UTF-8 characters, single quotes, double quotes, slashes, etc.
See https://www.blesta.com/forums/index.php?/topic/10035-graph-caption-doesnt-support-unicode-letters/
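A test harness for the cases listed in the description, as an added example that is not Blesta's code and not part of the original issue: it compares a hand-built JSON string using addslashes with json_encode plus the JSON_HEX_* flags. Assumptions: the graph JSON is written into an inline `<script>` block, the field name `key`, the function names and the sample names are all constructed for illustration, and PHP 7.3 or later is available for JSON_THROW_ON_ERROR.

```php
<?php
// Added example, not Blesta code. Assumption: the graph data is written into
// an inline <script> block, so the JSON must also be safe inside HTML.

// Constructed sample names covering the cases listed in the issue.
$names = [
    'utf8'         => 'Zażółć gęślą jaźń',
    'single quote' => "O'Brien Hosting",
    'double quote' => 'The "Pro" plan',
    'backslash'    => 'C:\\plans\\basic',
    'newline'      => "Line one\nLine two",
    'script close' => '</script><b>injected</b>',
];

// Approach proposed in the issue: addslashes() inside a hand-built JSON string.
function viaAddslashes(string $name): string
{
    return '{"key":"' . addslashes($name) . '"}';
}

// Alternative: let json_encode() do the escaping. The JSON_HEX_* flags turn
// <, >, &, ' and " into \uXXXX escapes so the output cannot end the script
// element; JSON_UNESCAPED_UNICODE keeps other UTF-8 characters readable.
function viaJsonEncode(string $name): string
{
    return json_encode(
        ['key' => $name],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR
    );
}

// A candidate passes if it decodes back to the original name and contains no
// raw "<" that an HTML parser could read as the start of a tag.
function check(string $json, string $name): string
{
    $decoded = json_decode($json, true);
    $roundTrip = is_array($decoded) && ($decoded['key'] ?? null) === $name;
    $htmlSafe = strpos($json, '<') === false;
    return ($roundTrip ? 'valid JSON' : 'INVALID JSON') . ', '
        . ($htmlSafe ? 'no raw <' : 'RAW < PRESENT');
}

foreach ($names as $label => $name) {
    printf("%-13s addslashes:  %s\n", $label, check(viaAddslashes($name), $name));
    printf("%-13s json_encode: %s\n", '', check(viaJsonEncode($name), $name));
}
```

Running it shows which inputs each approach round-trips and which leave a raw `<` in the output; the same sample names can be entered through the staff interface to check the rendered graph captions.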
Activity
Tyson Phillips (Inactive)
created issue -
Tyson Phillips (Inactive)
made changes -
Field | Original Value | New Value |
---|---|---|
Rank | Ranked higher |
Tyson Phillips (Inactive)
made changes -
Fix Version/s | 4.2.0-b1 [ 11014 ] |
Tyson Phillips (Inactive)
made changes -
Sprint | 4.2.0 Sprint 3 [ 48 ] |
Tyson Phillips (Inactive)
made changes -
Rank | Ranked higher |
Tyson Phillips (Inactive)
made changes -
Issue Type | Bug [ 1 ] | Story [ 7 ] |
Tyson Phillips (Inactive)
made changes -
Remaining Estimate | 0 minutes [ 0 ] | |
Time Spent | 40 minutes [ 2400 ] | |
Worklog Id | 10503 [ 10503 ] |
Tyson Phillips (Inactive)
made changes -
Status | Open [ 1 ] | Closed [ 6 ] |
Resolution | Fixed [ 1 ] |