From d19cb0007e5be61be375ef9a190ea165a7ecd3ce Mon Sep 17 00:00:00 2001 From: Anirvan Chatterjee Date: Mon, 15 Jun 2026 13:24:19 -0700 Subject: [PATCH 1/2] Fix UCSF featured videos JSON payload escaping in profile page script UCSFFeaturedVideos currently renders plugin JSON into FeaturedVideos.init('...') using manual backslash and apostrophe replacement. That escaping leaves sequences like \' inside the JSON text seen by JSON.parse(), which causes pages with titles such as "Here's Why" to fail at runtime with JSON.parse: bad escaped character. Replace the manual string munging with HttpUtility.JavaScriptStringEncode() so the HTML emits a valid JavaScript string literal while preserving the existing client-side contract. FeaturedVideos.js continues to receive a JSON string and parse it as before; only the server-side escaping strategy changes. This keeps the fix narrowly scoped to UCSFFeaturedVideos and avoids changing database data or the shared video module behavior. --- .../Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.ascx.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.ascx.cs b/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.ascx.cs index 979ebf2b..54acbe91 100644 --- a/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.ascx.cs +++ b/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.ascx.cs @@ -2,6 +2,7 @@ using Profiles.Framework.Utilities; using System.Xml; using System.Collections.Generic; +using System.Web; using System.Web.UI.HtmlControls; namespace Profiles.Profile.Modules.CustomViewUCSFPlugins 
@@ -42,7 +43,7 @@ private void LoadAssets() //litjs.Text = base.SocialMediaInit(this.PlugInName); //TODO Obviously change this //litjs.Text = base.jsStart + "FeaturedVideos.init('" + Profiles.Framework.Utilities.GenericRDFDataIO.GetSocialMediaPlugInData(this.SubjectID, "UCSFFeaturedVideos").Replace("'", "\\'") + "'); " + base.jsEnd; - litjs.Text = base.jsStart + "FeaturedVideos.init('" + Profiles.Framework.Utilities.GenericRDFDataIO.GetSocialMediaPlugInData(this.SubjectID, "UCSFFeaturedVideos").Replace("\\", "\\\\").Replace("'", "\\'") + "'); " + base.jsEnd; + litjs.Text = base.jsStart + "FeaturedVideos.init('" + HttpUtility.JavaScriptStringEncode(Profiles.Framework.Utilities.GenericRDFDataIO.GetSocialMediaPlugInData(this.SubjectID, "UCSFFeaturedVideos")) + "'); " + base.jsEnd; HtmlLink Displaycss = new HtmlLink(); @@ -55,4 +56,4 @@ private void LoadAssets() } } -} \ No newline at end of file +} From 67b17eba4fa654c78121ffcb9e4f1f1a874c93d4 Mon Sep 17 00:00:00 2001 From: Anirvan Chatterjee Date: Mon, 15 Jun 2026 14:19:23 -0700 Subject: [PATCH 2/2] prevent undisplayable videos from shutting own video sections --- .../Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.js b/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.js index 79e42d3f..4ce836e8 100644 --- a/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.js +++ b/Website/SourceCode/Profiles/Profiles/Profile/Modules/CustomViewUCSFPlugins/UCSFFeaturedVideos.js 
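Review bot: In the `@@ -42,7 +43,7 @@` hunk of UCSFFeaturedVideos.ascx.cs, the new `litjs.Text` line is what keeps stored plugin data from closing the inline string literal early, yet the two commented-out assignments above it still show the manual `Replace` quoting and nothing explains why the encoder is required. I would drop those dead lines and add a comment such as `// Stored plugin JSON goes into an inline script: keep HttpUtility.JavaScriptStringEncode, do not hand-roll quoting`. Note also that JavaScriptStringEncode returns an empty string for a null argument, where the old `.Replace` chain would have thrown. If GetSocialMediaPlugInData can return null (not visible here), the page now emits `FeaturedVideos.init('')` and fails in JSON.parse on the client, so an explicit null/empty check before the assignment would be clearer. LoadAssets begins and ends outside the hunk.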
@@ -30,7 +30,7 @@ FeaturedVideos.getVideoMetadata = function (video, max_height, max_width, callba
 var oembedURL = oEmbedURLBase + '?maxheight=' + max_height + '&maxwidth=' + max_width + '&url=' + encodeURIComponent(video.url);
 var req = $.ajax({
 url: oembedURL,
- dataType: "jsonp",
+ dataType: "json",
 timeout: 10000,
 success: callback
 });
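Review bot: The `$.ajax` options here still define only `success`, so with `dataType: "json"` a lookup that fails (HTTP error, timeout, or a cross-origin endpoint that sends no CORS headers) never reaches `callback`, and nothing visible in the hunk handles that case. `req` may get a `.fail()` further down, since getVideoMetadata continues outside the hunk; if it does not, a failure handler that skips the video would make the behaviour named in the commit subject explicit. It is also worth a comment on the changed line, e.g. `// "json", not "jsonp": the oEmbed response is parsed as data and never executed as script`, so the option is not switched back for convenience. Whether `oEmbedURLBase` is same-origin is not visible here and should be confirmed.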