Invalid json+ld data when malicious data is entered

Issue created by @Ruuds
Merge request !109Generate json+ld data using json_encode(). → (Merged) created by Ruuds
Open in Jenkins → Open on Drupal.org →
Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
last update 9 months ago
6 pass
Pipeline finished with Failed
9 months ago
Total: 173s
#171534
Status changed to Needs review 9 months ago9:47am 13 May 2024
Comment 9 months ago →
🇳🇱Netherlands Ruuds
The test failures are not related. The tests are broken anyway.
Status changed to RTBC 9 months ago7:12am 14 May 2024
Comment 9 months ago →
🇩🇪Germany spuky
looks good to me json encode is the for sure the better way to go...
Status changed to Needs work 8 months ago3:13pm 8 June 2024
Comment 8 months ago →
leymannx Berlin
Isn't $position always 1 now?
Comment 8 months ago →
leymannx Berlin
A single json_encode($value) without any flag also is not enough. You need at least json_encode($value, JSON_UNESCAPED_SLASHES) to prevent slashes in the URLs being escaped.
Assigned to leymannx
Comment 8 months ago →
leymannx Berlin
Open in Jenkins → Open on Drupal.org →
Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
last update 8 months ago
6 pass
Pipeline finished with Failed
8 months ago
Total: 145s
#194435
Open in Jenkins → Open on Drupal.org →
Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
last update 8 months ago
6 pass
Pipeline finished with Failed
8 months ago
Total: 144s
#194436
Status changed to Needs review 8 months ago6:38pm 8 June 2024
Comment 8 months ago →
leymannx Berlin
Comment 8 months ago →
🇳🇱Netherlands Ruuds
Great suggestion, looks good to me.
Issue was unassigned.
Comment 8 months ago →
leymannx Berlin
Open in Jenkins → Open on Drupal.org →
Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
last update 7 months ago
7 pass
Comment 7 months ago →
🇩🇪Germany spuky
Pipeline finished with Skipped
7 months ago
#209636
Open in Jenkins → Open on Drupal.org →
Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
last update 7 months ago
7 pass
Comment 7 months ago →
System Message

spuky → committed 17a06632 on 2.x authored by Ruuds →
Issue #3446802 by leymannx, Ruuds, spuky, emrekerimar: Invalid json+ld...
Status changed to Fixed 7 months ago11:46am 27 June 2024
Comment 7 months ago →
emrekerimar
spuky → credited emrekerimar → .
Comment 7 months ago →
🇩🇪Germany spuky
Comment 7 months ago →
leymannx Berlin
Yeah, I think we've just fixed the related issue as well. json_encode together with the constants we use makes it quite safe against XSS.
Comment 7 months ago →
System Message

spuky → committed 17a06632 on feature/megre_dynamic-breadcrumbs authored by Ruuds →
Issue #3446802 by leymannx, Ruuds, spuky, emrekerimar: Invalid json+ld...
Comment 7 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Invalid json+ld data when malicious data is entered

Merge Requests

!109Invalid json+ld data when malicious data is entered
Merged

Comments & Activities

Invalid json+ld data when malicious data is entered

Merge Requests

!109Invalid json+ld data when malicious data is enteredMerged

Comments & Activities

!109Invalid json+ld data when malicious data is entered
Merged