changeset 6d7c2dbd02a4 in sao:5.6
details: https://hg.tryton.org/sao?cmd=changeset;node=6d7c2dbd02a4
description:
        Escape external strings

        issue9394
        review293931002
        (grafted from d1858845ab3aebd0788b18c667c58617ee54ad4f)
diffstat:

 CHANGELOG        |   2 ++
 src/tab.js       |   6 +++---
 src/view/form.js |   2 +-
 src/view/tree.js |   8 ++++----
 src/window.js    |  16 ++++++++--------
 5 files changed, 18 insertions(+), 16 deletions(-)

diffs (160 lines):

diff -r c553b983d10a -r 6d7c2dbd02a4 CHANGELOG
--- a/CHANGELOG Wed Jun 17 13:51:41 2020 +0200
+++ b/CHANGELOG Mon Jun 29 17:29:45 2020 +0200
@@ -1,3 +1,5 @@
+* Escape external string (issue9394)
+
 Version 5.6.3 - 2020-06-16
 * Bug fixes (see mercurial logs for details)
 
diff -r c553b983d10a -r 6d7c2dbd02a4 src/tab.js
--- a/src/tab.js        Wed Jun 17 13:51:41 2020 +0200
+++ b/src/tab.js        Mon Jun 29 17:29:45 2020 +0200
@@ -406,7 +406,7 @@
             role: 'tabpanel',
             'class': 'tab-pane',
             id: tab.id
-        }).html(tab.el)
+        }).append(tab.el)
         .appendTo(tabcontent);
         tab_link.tab('show');
         tabs.trigger('ready');
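Review bot: The `}).append(tab.el)` line escapes nothing by itself — jQuery's `.append()` parses a string argument as HTML exactly as `.html()` does, so the change only removes the injection path while tab.el is always a DOM/jQuery node rather than a string. If that is not enforced where tab.el is built (outside this hunk), a one-line comment would guard it: `// tab.el must be a node: .append() would parse a string as HTML`. The same reliance on the argument being a node applies to `pane.append(tab)` in src/view/form.js and to the `.empty().append(…render(this.record))` lines in src/view/tree.js, which assume render() returns a node. The enclosing function starts and ends outside this hunk.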
@@ -1358,7 +1358,7 @@
             }.bind(this));
             this.create_tabcontent();
             this.set_name(this.name);
-            this.title.html(this.name_el.text());
+            this.title.text(this.name_el.text());
         },
         compare: function(attributes) {
             if (!attributes) {
@@ -1398,7 +1398,7 @@
             this.set_name(wizard.name);
             wizard.tab = this;
             this.create_tabcontent();
-            this.title.html(this.name_el.text());
+            this.title.text(this.name_el.text());
             this.el.append(wizard.form);
         },
         create_toolbar: function() {
diff -r c553b983d10a -r 6d7c2dbd02a4 src/view/form.js
--- a/src/view/form.js  Wed Jun 17 13:51:41 2020 +0200
+++ b/src/view/form.js  Mon Jun 29 17:29:45 2020 +0200
@@ -780,7 +780,7 @@
                 .append(img)
                 .text(text))
                 .appendTo(this.nav);
-            pane.html(tab).appendTo(this.panes);
+            pane.append(tab).appendTo(this.panes);
             if (!this.selected) {
                 // Can not use .tab('show')
                 page.addClass('active');
diff -r c553b983d10a -r 6d7c2dbd02a4 src/view/tree.js
--- a/src/view/tree.js  Wed Jun 17 13:51:41 2020 +0200
+++ b/src/view/tree.js  Mon Jun 29 17:29:45 2020 +0200
@@ -1336,7 +1336,7 @@
                             if (item.length) {
                                 prefix.render(this.record, item);
                             } else {
-                                prefix_el.html(prefix.render(this.record));
+                                prefix_el.empty().append(prefix.render(this.record));
                             }
                         }
                     }
@@ -1345,7 +1345,7 @@
                     if (item.length) {
                         column.render(this.record, item);
                     } else {
-                        widget.html(column.render(this.record));
+                        widget.empty().append(column.render(this.record));
                     }
                     if (column.suffixes) {
                         for (var k = 0; k < column.suffixes.length; k++) {
@@ -1355,7 +1355,7 @@
                             if (item.length) {
                                 suffix.render(this.record, item);
                             } else {
-                                suffix_el.html(suffix.render(this.record));
+                                suffix_el.empty().append(suffix.render(this.record));
                             }
                         }
                     }
@@ -1692,7 +1692,7 @@
             this.tree.columns.forEach(function(col, idx) {
                 var td = this._get_column_td(idx);
                 var static_el = this.get_static_el(td);
-                static_el.html(col.render(this.record)).show();
+                static_el.empty().append(col.render(this.record)).show();
                 this.get_editable_el(td)
                     .empty()
                     .data('widget', null)
diff -r c553b983d10a -r 6d7c2dbd02a4 src/window.js
--- a/src/window.js     Wed Jun 17 13:51:41 2020 +0200
+++ b/src/window.js     Mon Jun 29 17:29:45 2020 +0200
@@ -1092,7 +1092,7 @@
             for(var i=0; i<this.encodings.length; i++) {
                 jQuery('<option/>', {
                     'val': this.encodings[i]
-                }).html(this.encodings[i]).appendTo(this.el_csv_encoding);
+                }).append(this.encodings[i]).appendTo(this.el_csv_encoding);
             }
 
             var enc = 'utf-8';
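Review bot: `}).append(this.encodings[i])` is the one replacement in this changeset that still interprets its argument as markup: this.encodings[i] is a string, and `.append()` parses a string as HTML just like the `.html()` it replaces. Every other string in the changeset was moved to `.text()`, so this line should be `}).text(this.encodings[i]).appendTo(this.el_csv_encoding);` for consistency. Whether this.encodings can hold anything other than a fixed list of encoding names is not visible in the hunk; if it is static the exposure is nil, but `.text()` costs nothing and keeps the escaping rule uniform. The enclosing function starts and ends outside this hunk.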
@@ -1194,7 +1194,7 @@
             var field = el_field.attr('field');
             var node = jQuery('<li/>', {
                 'field': field,
-            }).html(el_field.attr('name')).click(function(e) {
+            }).text(el_field.attr('name')).click(function(e) {
                 if (e.ctrlKey) {
                     node.toggleClass('bg-primary');
                 } else {
@@ -1218,7 +1218,7 @@
                 var node = jQuery('<li/>', {
                     'field': parent_node[field].field,
                     'name': parent_node[field].name
-                }).html(name).click(function(e) {
+                }).text(name).click(function(e) {
                     if(e.ctrlKey) {
                         node.toggleClass('bg-primary');
                     } else {
@@ -1342,7 +1342,7 @@
             }
             var node = jQuery('<li/>', {
                 'field': field
-            }).html(name).click(function(){
+            }).text(name).click(function(){
                 node.addClass('bg-primary')
                     .siblings().removeClass('bg-primary');
             }).appendTo(this.fields_selected);
@@ -1484,10 +1484,10 @@
                 'id': 'input-records',
             }).append(jQuery('<option/>', {
                 'val': true,
-            }).html(Sao.i18n.gettext("Selected Records")))
+            }).text(Sao.i18n.gettext("Selected Records")))
                 .append(jQuery('<option/>', {
                     'val': false,
-                }).html(Sao.i18n.gettext("Listed Records")));
+                }).text(Sao.i18n.gettext("Listed Records")));
 
             this.ignore_search_limit = jQuery('<input/>', {
                 'type': 'checkbox',
@@ -1560,7 +1560,7 @@
                 var path = parent_node[name].path;
                 var node = jQuery('<li/>', {
                     'path': path
-                }).html(parent_node[name].string).click(function(e) {
+                }).text(parent_node[name].string).click(function(e) {
                     if(e.ctrlKey) {
                         node.toggleClass('bg-primary');
                     } else {
@@ -1811,7 +1811,7 @@
             }
             var node = jQuery('<li/>', {
                 'path': name,
-            }).html(long_string).click(function(e) {
+            }).text(long_string).click(function(e) {
                 if(e.ctrlKey) {
                     node.toggleClass('bg-primary');
                 } else {
