search

gkoberger / BugzillaJS

A userscript that adds additional functionality to bugzilla
https://addons.mozilla.org/en-US/firefox/addon/bugzillajs/
43 stars 18 forks source link

_build_query_string does not escape correctly #81

Closed fwenzel closed 11 years ago

fwenzel commented 11 years ago

https://bugzilla.mozilla.org/show_bug.cgi?id=876889 -- click on "browse" next to the component. There's an unescaped & in there.

https://github.com/gkoberger/BugzillaJS/blob/master/includes/bugzilla-misc.js#L96 _build_query_string needs to escape stuff properly.

rik commented 11 years ago

Oops :(

fwenzel commented 11 years ago

Might want to encode the keys, also, but the risk there is smaller because they are well-defined.

fwenzel commented 11 years ago

Also, I didn't know you were shepherding the BugzillaJS add-on now, @Rik. Cool!

rik commented 11 years ago

I figured it wasn't a big deal for the keys. If it is, we'll fix it :)

Yeah, I started just updating the SDK so that it wouldn't break. And for some reason, @gkoberger is not really interested in Bugzilla anymore :)