
[Audit] Output of text values, when not escaped, can break the UI #61

Open
nicklepine opened this issue Jun 25, 2021 · 1 comment
Labels: Category: Bug (Something isn't working), Severity: 2 High Severity

Comments


nicklepine commented Jun 25, 2021

Purpose

We need to check all the places where a merchant can type into a text field and ensure it's properly escaped.

If they toss </div> into one of these, it can break the UI:

[Two screenshots attached: Screen Shot 2021-06-16 at 3 17 04 PM, Screen Shot 2021-06-16 at 3 15 49 PM]

@nicklepine nicklepine added Category: Bug Something isn't working Severity: 1 Urgent Severity labels Jun 25, 2021
@nicklepine nicklepine added Severity: 2 High Severity and removed Severity: 1 Urgent Severity labels Jun 25, 2021

willbroderick commented Jul 27, 2021

I'm not sure if this should be a separate issue, but this needs to include filters.
For example: https://github.com/Shopify/dawn/blob/main/sections/main-collection-product-grid.liquid#L56

With a variant filter value of 6", you see:

[image attached]
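As an added illustration of the two reports above (example code, not from this thread or from Dawn): a small Ruby stand-in for Liquid's `{{ }}` output with the `escape` filter, which in the Ruby gem is implemented with `CGI.escapeHTML`, plus an audit helper that lists every output in a template that does not pass through `escape` or `escape_once`. The template strings, the `render` stand-in and the variable names are constructed assumptions; real Liquid rendering has far more filters and syntax than this covers.

```ruby
require "cgi"

# Constructed template snippets in the shape this issue is about (not copied
# from Dawn). The first two echo merchant-typed text straight into the page;
# the other two pass it through `escape` first.
TITLE_UNESCAPED  = '<div class="card__title">{{ product.title }}</div>'
FILTER_UNESCAPED = '<input type="checkbox" value="{{ filter_value.label }}">'
TITLE_ESCAPED    = '<div class="card__title">{{ product.title | escape }}</div>'
FILTER_ESCAPED   = '<input type="checkbox" value="{{ filter_value.label | escape }}">'

# Minimal stand-in for a Liquid render (assumption, not the Liquid gem):
# substitutes each {{ name | filter ... }} from `vars` and honours only the
# `escape` filter, using the same CGI.escapeHTML the gem's filter uses.
def render(template, vars)
  template.gsub(/\{\{\s*([\w.]+)((?:\s*\|\s*\w+)*)\s*\}\}/) do
    value   = vars.fetch(Regexp.last_match(1))
    filters = Regexp.last_match(2).scan(/\|\s*(\w+)/).flatten
    filters.include?("escape") ? CGI.escapeHTML(value) : value
  end
end

# Audit helper for the "check all the places" task in the issue: returns the
# expressions of every {{ ... }} output that lacks escape/escape_once, so a
# reviewer can decide for each one whether the value is merchant-controlled.
def unescaped_outputs(template)
  template.scan(/\{\{([^}]*)\}\}/).flatten.map(&:strip).reject do |expr|
    expr.match?(/\|\s*escape(_once)?\b/)
  end
end

if __FILE__ == $PROGRAM_NAME
  # The two inputs reported in the thread: a stray closing tag and 6".
  puts render(TITLE_UNESCAPED, "product.title" => "</div>")   # closes the card early
  puts render(TITLE_ESCAPED, "product.title" => "</div>")     # rendered as literal text
  puts render(FILTER_UNESCAPED, "filter_value.label" => '6"') # breaks out of value=""
  puts render(FILTER_ESCAPED, "filter_value.label" => '6"')   # stays inside the attribute
  p unescaped_outputs(TITLE_UNESCAPED + FILTER_ESCAPED)       # ["product.title"]
end
```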
