jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/355624 )

Change subject: Sanitize query template definition input
......................................................................


Sanitize query template definition input

Change-Id: I313aea63577607da9fd620b134084ce3cb5cace2
---
M wikibase/queryService/ui/visualEditor/VisualEditor.js
1 file changed, 3 insertions(+), 2 deletions(-)

Approvals:
  Lucas Werkmeister (WMDE): Looks good to me, approved
  jenkins-bot: Verified



diff --git a/wikibase/queryService/ui/visualEditor/VisualEditor.js 
b/wikibase/queryService/ui/visualEditor/VisualEditor.js
index 77a8ca6..d60b71f 100644
--- a/wikibase/queryService/ui/visualEditor/VisualEditor.js
+++ b/wikibase/queryService/ui/visualEditor/VisualEditor.js
@@ -167,6 +167,7 @@
                        try {
                                return $element.html( 
this._getQueryTemplateHtml( template ) );
                        } catch ( e ) {
+                               window.console.log( e );
                        }
                }
 
@@ -211,7 +212,7 @@
         */
        SELF.prototype._getQueryTemplateHtml = function( definition ) {
                var self = this,
-                       template = '<span>' + definition.template + '</span>',
+                       template = $( '<span>' ).text( definition.template 
)[0].outerHTML,
                        $html = $( '<div>' ),
                        bindings = this._query.getBindings();
 
@@ -248,7 +249,7 @@
                                                $html.find( '.' + 
variable.replace( '?', '' ) ).append( $label );
                                        } );
 
-                       template = template.replace( variable, '<span class="' 
+ variable.replace( '?', '' ) + '"></span>' );
+                       template = template.replace( variable, $( '<span>' 
).addClass( variable.replace( '?', '' ) )[0].outerHTML );
                } );
 
                return $html.append( $( template ) );
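Review bot: The new `template.replace( variable, … )` call still passes the generated markup as a replacement string, so `$` sequences in the variable name (such as `$&` or `$'`) are expanded by `String.prototype.replace` after `outerHTML` has already escaped the class attribute. That expansion can copy template text into the attribute value, and `.text()` serialisation leaves quotes in that text unescaped, so the sanitisation is incomplete if variable names come from the same untrusted definition (their origin is not visible in this hunk and should be confirmed). A function replacer avoids the expansion: `template = template.replace( variable, function () { return $( '<span>' ).addClass( variable.replace( '?', '' ) )[0].outerHTML; } );`. The unchanged `$html.find( '.' + variable.replace( '?', '' ) )` a few lines up builds a selector from the same value and would be safer with `$.escapeSelector` (jQuery 3+) or an allow-list check on the variable name. The enclosing function starts and ends outside the hunk.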

-- 
To view, visit https://gerrit.wikimedia.org/r/355624

Gerrit-MessageType: merged
Gerrit-Change-Id: I313aea63577607da9fd620b134084ce3cb5cace2
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/gui
Gerrit-Branch: master
Gerrit-Owner: Jonas Kress (WMDE) <[email protected]>
Gerrit-Reviewer: Lucas Werkmeister (WMDE) <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
