#Fix: Sanitize SPA JSON response within HTML response in order to avo…
…id <script> parsing conflicts.

Issue: 99580
ggallotti committed Oct 27, 2022
1 parent c3a9eca commit f199ba2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion dotnet/src/dotnetframework/GxClasses/Middleware/GXHttp.cs
Expand Up @@ -34,6 +34,7 @@ namespace GeneXus.Http
using GeneXus.Web.Security;
using System.Linq;
using System.Reflection.PortableExecutable;
using System.Web;
#else
using System.Web;
using System.Web.UI;
Expand Down Expand Up @@ -1568,7 +1569,7 @@ protected void SendState()
context.httpAjaxContext.AddStylesHidden();
if (IsSpaRequest())
{
context.WriteHtmlTextNl("<script>gx.ajax.saveJsonResponse(" + context.getJSONResponse() + ");</script>");
context.WriteHtmlTextNl("<script>gx.ajax.saveJsonResponse('" + GXUtil.HtmlEncodeInputValue(HttpUtility.JavaScriptStringEncode(context.getJSONResponse())) + "');</script>");
}
else
{
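Review bot: The `GXUtil.HtmlEncodeInputValue(...)` wrap on the new `WriteHtmlTextNl` line in the `IsSpaRequest()` branch looks like encoding for the wrong context: the HTML parser does not decode entities inside a `<script>` element, so any entity that helper emits (its body is not visible here; presumably `&quot;` for the `\"` that `JavaScriptStringEncode` leaves) reaches the client literally inside the string. `HttpUtility.JavaScriptStringEncode` already escapes `<`, `>`, `&` and `'` as `\uXXXX`, which is what stops a `</script>` in the payload from closing the element. I would either drop the outer call, `"<script>gx.ajax.saveJsonResponse('" + HttpUtility.JavaScriptStringEncode(context.getJSONResponse()) + "');</script>"`, or add a comment stating that the client decodes entities before parsing. The argument also changes from an inline object literal to a quoted string, so `gx.ajax.saveJsonResponse` has to accept and parse a string; that client-side change is not shown on this page and would need to ship together with this one. `SendState` continues outside the hunk.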
