[MediaWiki-commits] [Gerrit] wikidata...gui[master]: Sanitize query template definition input

Jonas Kress (WMDE) (Code Review) Thu, 25 May 2017 08:33:00 -0700

Jonas Kress (WMDE) has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/355624 )


Change subject: Sanitize query template definition input
......................................................................

Sanitize query template definition input

Change-Id: I313aea63577607da9fd620b134084ce3cb5cace2
---
M wikibase/queryService/ui/visualEditor/VisualEditor.js
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/gui 
refs/changes/24/355624/1

diff --git a/wikibase/queryService/ui/visualEditor/VisualEditor.js 
b/wikibase/queryService/ui/visualEditor/VisualEditor.js
index 77a8ca6..d60b71f 100644
--- a/wikibase/queryService/ui/visualEditor/VisualEditor.js
+++ b/wikibase/queryService/ui/visualEditor/VisualEditor.js
@@ -167,6 +167,7 @@
                        try {
                                return $element.html( 
this._getQueryTemplateHtml( template ) );
                        } catch ( e ) {
+                               window.console.log( e );
                        }
                }
 
@@ -211,7 +212,7 @@
         */
        SELF.prototype._getQueryTemplateHtml = function( definition ) {
                var self = this,
-                       template = '<span>' + definition.template + '</span>',
+                       template = $( '<span>' ).text( definition.template 
)[0].outerHTML,
                        $html = $( '<div>' ),
                        bindings = this._query.getBindings();
 
@@ -248,7 +249,7 @@
                                                $html.find( '.' + 
variable.replace( '?', '' ) ).append( $label );
                                        } );
 
-                       template = template.replace( variable, '<span class="' 
+ variable.replace( '?', '' ) + '"></span>' );
+                       template = template.replace( variable, $( '<span>' 
).addClass( variable.replace( '?', '' ) )[0].outerHTML );
                } );
 
                return $html.append( $( template ) );

-- 
To view, visit https://gerrit.wikimedia.org/r/355624
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I313aea63577607da9fd620b134084ce3cb5cace2
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/gui
Gerrit-Branch: master
Gerrit-Owner: Jonas Kress (WMDE) <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] wikidata...gui[master]: Sanitize query template definition input

Reply via email to