[Pkg-javascript-devel] Bug#799825: Source map comment is causing bad code in package witty
Pau Garcia i Quiles
pgquiles at elpauer.org
Tue Sep 22 23:54:56 UTC 2015
Package: libjs-jquery
Version: 1.11.3+dfsg-3
Severity: normal
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
libjs-jquery depends on no packages.
Versions of packages libjs-jquery recommends:
ii javascript-common 11
libjs-jquery suggests no packages.
-- no debconf information
Please check Debian bug #798332, where all the details are provided.
Essentially, to me, the bug boils down to:
- Is it secure to include the "//# sourceMappingURL=jquery.min.map" line at
the end of /usr/share/javascript/jquery.min.js ?
- Is it necessary to include that line at the end of jquery.min.js?
- Does it make any good?
Upstream does not include the sourceMappingURL line:
http://code.jquery.com/jquery-1.11.3.min.js
If the libjs-jquery keeps including the sourceMappingURL line in
jquery.min.js, then we must deal with that either in the Wt packaging or
(ideally) upstream, in wt-3.3.4/src/filetostring.cmake.
If libjs-jquery stops including the sourceMappingURL, then witty bug #798332
will be solved with just a rebuild after libjs-jquery is updated.
Dear maintainer: IMHO the sourceMappingURL line should NOT be part of
/usr/share/javascript/jquery/jquery.min.js because it is not present
/upstream.
Thank you
More information about the Pkg-javascript-devel
mailing list