Jump to content


Photo

OpenWebif issue: unescaped js string


  • Please log in to reply
9 replies to this topic

#1 SatRider

  • Member
  • 16 posts

0
Neutral

Posted 16 October 2021 - 02:51

Hi, there is an issue in OpenWebif with the link to stream the current service (tooltip "Stream:<program name>") located in the top right on the OpenWebif page ("osd" div).
When a recording is played and the filename (i.e. the name of the recorded program/transmission) contains one or more single quotes (that is an apostrophe, so is relatively common in some languages) the browser (chrome in my test) console show the error "Uncaught SyntaxError: missing ) after argument list".

The problem is that internally the onclick event call the jumper80(<path>) javascript function (remember, when playing a recorded program) with the filename as argument and the filename is not properly escaped, so if it contains a single quote.......it breaks.

For the record I'm using VU+ Suo4K SE with OpenPli 8.1-release build 2021-09-15, last update 2021-10-12, but I think the problem exists in any decoder using OpenWebif.

I understand that, as far as I'm aware of, OpenWebif is not maintained directly by the OpenPli team but....I'm not sure where else to report this issue!



Re: OpenWebif issue: unescaped js string #2 ims

  • PLi® Core member
  • 13,785 posts

+214
Excellent

Posted 16 October 2021 - 04:25

Try report it here


Kdo nic nedělá, nic nezkazí!

Re: OpenWebif issue: unescaped js string #3 SatRider

  • Member
  • 16 posts

0
Neutral

Posted 16 October 2021 - 10:46

Try report it here

Done, here



Re: OpenWebif issue: unescaped js string #4 ims

  • PLi® Core member
  • 13,785 posts

+214
Excellent

Posted 16 October 2021 - 12:23

 

Try report it here

Done, here

 

Thx. Btw - you have there next question.


Kdo nic nedělá, nic nezkazí!

Re: OpenWebif issue: unescaped js string #5 SatRider

  • Member
  • 16 posts

0
Neutral

Posted 16 October 2021 - 18:15

This is the reply to my submitted issue:

 

"This looks more like an issue of PLi. The recording filenames should not have such special chars like '."

 

It seems odd to me since I had the impression that in any Enigma2 image the recording filename is the "name" of the program from epg, but I might be wrong, I'm no expert at all, so maybe that's true only for OpenPli?



Re: OpenWebif issue: unescaped js string #6 WanWizard

  • PLi® Core member
  • 70,528 posts

+1,811
Excellent

Posted 16 October 2021 - 18:30

I've responded to that issue.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: OpenWebif issue: unescaped js string #7 SatRider

  • Member
  • 16 posts

0
Neutral

Posted 17 October 2021 - 16:12

It has been fixed

 

Not trying to put any pressure (I'll fix it myself in my box), just for info/curiosity (I've no idea how the build process works), when it may be included in OpenPLI?

Future update? Future release?

 

Thank you for the help/support



Re: OpenWebif issue: unescaped js string #8 WanWizard

  • PLi® Core member
  • 70,528 posts

+1,811
Excellent

Posted 17 October 2021 - 16:20

Hmm... quite a horrible fix, but who am I.

 

Nightly build images are created continuously, so it will be available in the next build (the one that starts when this currently running one is finished).

Supported release images are built once a week, the current version (now 8.1) on Sunday, the previous version (now 7.3) on Wednesday.

 

That means you've just missed it, and have to wait until next week.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: OpenWebif issue: unescaped js string #9 SatRider

  • Member
  • 16 posts

0
Neutral

Posted 17 October 2021 - 16:42

Thank you for the info, it's always nice to understand/learn how things (your build process in this case) works.

No problem waiting, I have replaced the js with the "fixed" one and works, the title/tooltip is still broken (unescaped), so it's truncated....but that's is really a minor issue (already commented in github).

 

As for the fix....well....my point is more on the process, in my opinion ideally EVERYTHING should be properly encoded/escaped BY DESIGN in the development process, not "fixed" as "wrong characters" appear in usage cases.

Other products/projects may (and really DO) open BIG security holes when "things" are not encoded/escaped properly. Sure enough my STB is definitely not something I consider secure, nor I think it should be.

 

But hey, I'm definitely less of what you are...sooo.... ;) :D



Re: OpenWebif issue: unescaped js string #10 WanWizard

  • PLi® Core member
  • 70,528 posts

+1,811
Excellent

Posted 17 October 2021 - 16:51

I totally agree with you. That is why I replied on the issue.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.



2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users