Closed NerdFlanders closed 1 year ago
Thanks for the report. Are you able to provide a PR with the updated jQuery files?
"It would be nice to update it"
If only it were as simple as that. A whole bunch of other stuff doesn't work as a result. I'm investigating.
(If only Archi was Open Source, someone might be able to help and contribute a fix...)
I'm investigating.
I would suggest not to investigate...
A security scan revealed that the used version of jQuery is too old and has too many security issues. It would be nice to update it so we can use the generated HTML report safely.
And how many of these security issues affect a static website? For example, cross-site-scripting is not a risk in such context because there's no backend or database to attack. Moreover, such reports are intended to be shared internally through an intranet and not to be freely accessible over the internet. Could you please provide a more detailed risk analysis?
If only Archi was Open Source, someone might be able to help and contribute a fix...
Yes, if someone is willing to provide a PR which doesn't break any of the other parts of the report (embedded AlaSQL Database, filtering of the model tree, queries...) then of course we can merge it, but for the time being, I think we have other priorities (Archi 5 and coArchi 2), and I'm planning to update the HTML report only when I'm able to redesign it completely.
If only Archi was Open Source, someone might be able to help and contribute a fix...
Me being grumpy. ;-)
I've got a branch with updated jQuery and other stuff which works. Am investigating the zoom slider not working on IE.
If only Archi was Open Source, someone might be able to help and contribute a fix...
I can try to update jQuery, but it would take some time because I have to understand how to test it first.
I've got a branch with updated jQuery and other stuff which works. Am investigating the zoom slider not working on IE
IE is not supported anymore by Windows and is dead. I think spending time on IE is not necessary (I can be wrong here).
Archi uses the internal browser component for the HTML report preview. On Windows, by default, this is IE11, or Edge in IE mode. I have set an option in Archi to use Edge but this is off by default and some Windows 10 users don't have the Edge Runtime installed.
I've fixed the outstanding issues. There's a new branch jQuery and commit that needs to be tested.
I tested it as far as I could and it seems that everything works like before. No issues found on the generated website and its behaviour.
Thanks for testing. When using Preview HTML report this is written to the console:
context [/modelreport /expandFolder /_sub2 /classesFromProperties /_sub3] 1:25 no such template: /IGNORE_ERROR_Id
I need to investigate the cause of that.
Actually this is unrelated to the later version of jQuery.
I'll commit the updated jQuery branch for Archi 5 beta 2 and see if any issues arise.
This is in Archi 5 beta 2
Closing. Will re-open if there are any further issues.
Because jQuery-1.11.2 is from 2014 and has several security issues like cross-site-scripting. It would be nice to update it so we can use the generated HTML report safely. At least jQuery 3.5.0 or the latest possible stable version of jQuery should be used.
Version of Archi
4.10
Archi Plug-ins
coArchi-0.8.7
Operating System
Windows 10 Version 10.0.19044 Build 19044
Expected Behaviour
No security vulnerabilities through an old jQuery
Actual Behaviour
A security scan revealed that the used version of jQuery is too old and has too many security issues
Steps to Reproduce the Behaviour
Use the latest version of Archimate and generate an HTML report. The jQuery version in the folder lib/jquery/js is from 2014 with version 1.11.2.
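
A check for the condition reported in this issue, as an added example that is not part of the original thread or of Archi's code: it scans a generated report folder for bundled jQuery core files, reads the version banner, and flags anything older than the 3.5.0 minimum the report asks for. The sample files, their names and their contents are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Minimum version requested in the issue above.
MIN_JQUERY = (3, 5, 0)

# jQuery core builds carry their version in a leading banner comment, e.g.
# "/*! jQuery v1.11.2 | ..." (minified) or "* jQuery JavaScript Library v3.5.0".
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")


def jquery_version(path):
    """Return (major, minor, patch) from the banner in the first 1 KiB, or None."""
    with open(path, "rb") as fh:
        match = BANNER.search(fh.read(1024))
    return tuple(int(g) for g in match.groups()) if match else None


def audit_report(report_dir):
    """Map each bundled jQuery core file to (version, is_outdated)."""
    findings = {}
    for path in sorted(Path(report_dir).rglob("jquery*.js")):
        version = jquery_version(path)
        if version is None:
            continue  # plugin or other file without a jQuery core banner
        rel = path.relative_to(report_dir).as_posix()
        findings[rel] = (version, version < MIN_JQUERY)
    return findings


def demo():
    """Constructed sample: a fake report tree with one old and one current copy."""
    with tempfile.TemporaryDirectory() as tmp:
        js = Path(tmp, "lib", "jquery", "js")
        js.mkdir(parents=True)
        (js / "jquery-1.11.2.min.js").write_bytes(b"/*! jQuery v1.11.2 | constructed sample */\n")
        (js / "jquery-3.5.0.js").write_bytes(b"/*!\n * jQuery JavaScript Library v3.5.0\n */\n")
        (js / "jquery-ui.js").write_bytes(b"/*! jQuery UI - v1.12.1 (constructed) */\n")
        return audit_report(tmp)


if __name__ == "__main__":
    for name, (version, outdated) in demo().items():
        print(name, ".".join(map(str, version)), "OUTDATED" if outdated else "ok")
```

The banner is read from the file contents rather than the file name, so a renamed copy is still identified by the version it actually contains.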