Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

LuceeAjax.js does not correctly encode curly braces in cfajaxproxy JSON arguments

Description

This issue is fixed but the fix is not-quite-correctly attached to https://luceeserver.atlassian.net/browse/LDEV-2028#icft=LDEV-2028 and LDEV-2029, which are resolved by a different fix. The issue itself was not documented, though.

In 5.2 (and 5.3 if the Ajaxproxy-doesn't-draw-JS issue is resolved) then the curly braces in AJAX calls using cfajaxproxy are not properly URL encoded.

https://github.com/lucee/Lucee/pull/593 resolves this for 5.2 and a separate PR will go out to the extension repo for 5.3, unless this stuff is remaining in the core in which case we'll submit it there.

Resolved in the extension repo by this PR: https://github.com/lucee/extension-ajax/pull/3

Environment

None

Attachments

1
  • 05 Dec 2018, 05:00 am

Activity

Show:

Michael Offner 3 June 2019 at 08:45

see LDEV-2100

Samuel W. Knowlton 6 March 2019 at 14:34

Submitted https://github.com/lucee/extension-ajax/pull/6 as a standalone fix for LDEV-2099, LDEV-2100, and LDEV-2115 (separate from PR 3 above which also contained a fix for LDEV-2028 and LDEV-2029 that should have been separate)

Pothys - MitrahSoft 5 December 2018 at 07:36

Hi ,

Thanks a lot for the test case, I find out the issue & checked with the fix working fine for me with attached test case.

This issue fixed with the PR https://github.com/lucee/Lucee/pull/593, it also added into https://github.com/lucee/extension-ajax/pull/3 extension repo.

URL were properly encoded with the fix, Ajax proxy working fine for me.

Samuel W. Knowlton 5 December 2018 at 05:00

I've attached a test case. The javascript is a little unusual - it's pulled from a legacy codebase we manage so we didn't write it, but that's part of why we have to deal with cfajaxproxy in the first place.

This test case can also demonstrate https://luceeserver.atlassian.net/browse/LDEV-2100#icft=LDEV-2100 but only after the intermediary fix is applied to LuceeAjax.js (the one from https://github.com/lucee/Lucee/pull/593) to fix the curly braces problem. After that, it should be demonstrated when changing the select menu that begins with no value.

Pothys - MitrahSoft 4 December 2018 at 12:34

Hi ,

I tested with below code, I can't see any issue. Can you please attach test file to reproduce the issue.

<cfform name="fooform"> <cfinput type="text" name="name" value="" id="foo"> <cfinput type="button" id="button" name="button" value="test"> </cfform> <cfajaxproxy bind="cfc:test.testcases.ajax.cfajaxproxy.events.setData({name@keyup})" onsuccess="showData" /> <script type="text/javascript"> function showData(d){ console.log(d); } </script>

It helps to find out the issue.

Fixed

Details

Assignee

Reporter

Priority

Fix versions

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

Affects versions

Created 29 November 2018 at 20:58
Updated 3 June 2019 at 08:45
Resolved 18 February 2019 at 10:33

Flag notifications