[CONFSERVER-30243] Workbox Host Plugin leaks jQuery as $ to global

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.5
Affects Version/s: 5.2.3
Component/s: Core - Workbox
Labels:
Environment:

Confluence 5.2-OD-13-1
Workbox 1.1.27

Bug Fix Policy:
View Atlassian Server bug fix policy

The Workbox - Host Plugin (1.1.27, com.atlassian.mywork.mywork-confluence-host-plugin) leaks jQuery as $ to global.

Steps to reproduce:

/sw/studio/icebat-51.1/install/install-studio.sh
go to an arbitrary page (workbox resources are sourced due to the header)

open console and type $, the response should be something like:

function ( selector, context ) {
		// The jQuery object is actually just the init constructor 'enhanced'
		return new jQuery.fn.init( selector, context, rootjQuery );
	}

go to UPM (/wiki/plugins/servlet/upm/manage/all#manage)
disable the Workbox - Host Plugin
repeat step 2 and 3, the response now should be
```
undefined
```

Please coordinate with the fix for ~~CONFDEV-18766~~ before removing this, because this is currently the only reason why the issue is not hitting everyone in OnDemand land.

is blocked by

CONFCLOUD-54345 TinyMCE patch relies on jQuery being exposed under $ in global scope

Closed

is related to

CONFCLOUD-54327 Backspace or delete no longer works in Confluence Editor with Chrome and Workbox disabled

Closed

relates to

CONFSERVER-31266 Search still relies on $.each instead of AJS.$ for jQuery access

Closed

CONFSERVER-30822 No Macro Metadata When Trying To Insert JIRA Issue Macro

Closed

CONFSERVER-31463 create from template macro redirects to dashboard when workbox is disabled

Closed

Discovered while testing: JST-71452 Loading...

mentioned in: Page Loading...

(1 Discovered while testing, 1 mentioned in)

fabs (Inactive) added a comment - 08/Aug/2013 12:31 AM

pgreig just added the important information that if /plugins/servlet/myworkserviceselector.action is set to does not provide in-app notifications $ stays undefined, which basically means the leak must come from one of those resources only delivered under HostEnabledCondition. Just by flying over the js I actually now get the impression that this is not a leak at all and is rather by design. Imo it should not expose its jQuery under $, thus this should be fixed may it be a leak or not.

fabs (Inactive) added a comment - 08/Aug/2013 12:31 AM pgreig just added the important information that if /plugins/servlet/myworkserviceselector.action is set to does not provide in-app notifications $ stays undefined, which basically means the leak must come from one of those resources only delivered under HostEnabledCondition . Just by flying over the js I actually now get the impression that this is not a leak at all and is rather by design. Imo it should not expose its jQuery under $, thus this should be fixed may it be a leak or not.

Assignee:: Ted Piotrowski (Inactive)

Reporter:: fabs (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 06/Aug/2013 6:21 AM

Updated:: 11/Oct/2018 9:03 AM

Resolved:: 03/Mar/2014 3:56 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: fabs (Inactive) added a comment - 08/Aug/2013 12:31 AM

Expand comment: fabs (Inactive) added a comment - 08/Aug/2013 12:31 AM

People

Dates