changeset bb05591968e8 in sao:5.2
details: https://hg.tryton.org/sao?cmd=changeset;node=bb05591968e8
description:
Escape external strings
issue9394
review293931002
(grafted from d1858845ab3aebd0788b18c667c58617ee54ad4f)
diffstat:
CHANGELOG | 2 ++
src/tab.js | 6 +++---
src/view/form.js | 2 +-
src/view/tree.js | 7 ++++---
src/window.js | 12 ++++++------
5 files changed, 16 insertions(+), 13 deletions(-)
diffs (146 lines):
diff -r 9f7eff972320 -r bb05591968e8 CHANGELOG
--- a/CHANGELOG Tue Jun 16 19:14:46 2020 +0200
+++ b/CHANGELOG Mon Jun 29 17:29:45 2020 +0200
@@ -1,3 +1,5 @@
+* Escape external string (issue9394)
+
Version 5.2.17 - 2020-06-16
* Bug fixes (see mercurial logs for details)
diff -r 9f7eff972320 -r bb05591968e8 src/tab.js
--- a/src/tab.js Tue Jun 16 19:14:46 2020 +0200
+++ b/src/tab.js Mon Jun 29 17:29:45 2020 +0200
@@ -404,7 +404,7 @@
role: 'tabpanel',
'class': 'tab-pane',
id: tab.id
- }).html(tab.el)
+ }).append(tab.el)
.appendTo(tabcontent);
tab_link.tab('show');
tabs.trigger('ready');
@@ -1356,7 +1356,7 @@
}.bind(this));
this.create_tabcontent();
this.set_name(this.name);
- this.title.html(this.name_el.text());
+ this.title.text(this.name_el.text());
},
compare: function(attributes) {
if (!attributes) {
@@ -1396,7 +1396,7 @@
this.set_name(wizard.name);
wizard.tab = this;
this.create_tabcontent();
- this.title.html(this.name_el.text());
+ this.title.text(this.name_el.text());
this.el.append(wizard.form);
},
create_toolbar: function() {
diff -r 9f7eff972320 -r bb05591968e8 src/view/form.js
--- a/src/view/form.js Tue Jun 16 19:14:46 2020 +0200
+++ b/src/view/form.js Mon Jun 29 17:29:45 2020 +0200
@@ -730,7 +730,7 @@
.append(img)
.text(text))
.appendTo(this.nav);
- pane.html(tab).appendTo(this.panes);
+ pane.append(tab).appendTo(this.panes);
if (!this.selected) {
// Can not use .tab('show')
page.addClass('active');
diff -r 9f7eff972320 -r bb05591968e8 src/view/tree.js
--- a/src/view/tree.js Tue Jun 16 19:14:46 2020 +0200
+++ b/src/view/tree.js Mon Jun 29 17:29:45 2020 +0200
@@ -1004,6 +1004,7 @@
if (cell.length) {
prefix.render(this.record, cell);
} else {
+
prefix_el.empty().append(prefix.render(this.record));
prefix_el.html(prefix.render(this.record));
}
}
@@ -1013,7 +1014,7 @@
if (cell.length) {
column.render(this.record, cell);
} else {
- widget.html(column.render(this.record));
+ widget.empty().append(column.render(this.record));
}
if (column.suffixes) {
for (var k = 0; k < column.suffixes.length; k++) {
@@ -1023,7 +1024,7 @@
if (cell.length) {
suffix.render(this.record, cell);
} else {
- suffix_el.html(suffix.render(this.record));
+
suffix_el.empty().append(suffix.render(this.record));
}
}
}
@@ -1327,7 +1328,7 @@
this.tree.columns.forEach(function(col, idx) {
var td = this._get_column_td(idx);
var static_el = this.get_static_el(td);
- static_el.html(col.render(this.record)).show();
+ static_el.empty().append(col.render(this.record)).show();
this.get_editable_el(td)
.empty()
.data('widget', null)
diff -r 9f7eff972320 -r bb05591968e8 src/window.js
--- a/src/window.js Tue Jun 16 19:14:46 2020 +0200
+++ b/src/window.js Mon Jun 29 17:29:45 2020 +0200
@@ -1100,7 +1100,7 @@
for(var i=0; i<this.encodings.length; i++) {
jQuery('<option/>', {
'val': this.encodings[i]
- }).html(this.encodings[i]).appendTo(this.el_csv_encoding);
+ }).append(this.encodings[i]).appendTo(this.el_csv_encoding);
}
var enc = 'utf-8';
@@ -1204,7 +1204,7 @@
var field = el_field.attr('field');
var node = jQuery('<li/>', {
'field': field,
- }).html(el_field.attr('name')).click(function(e) {
+ }).text(el_field.attr('name')).click(function(e) {
if (e.ctrlKey) {
node.toggleClass('bg-primary');
} else {
@@ -1228,7 +1228,7 @@
var node = jQuery('<li/>', {
'field': parent_node[field].field,
'name': parent_node[field].name
- }).html(name).click(function(e) {
+ }).text(name).click(function(e) {
if(e.ctrlKey) {
node.toggleClass('bg-primary');
} else {
@@ -1359,7 +1359,7 @@
}
var node = jQuery('<li/>', {
'field': field
- }).html(name).click(function(){
+ }).text(name).click(function(){
node.addClass('bg-primary')
.siblings().removeClass('bg-primary');
}).appendTo(this.fields_selected);
@@ -1537,7 +1537,7 @@
var path = parent_node[name].path;
var node = jQuery('<li/>', {
'path': path
- }).html(parent_node[name].string).click(function(e) {
+ }).text(parent_node[name].string).click(function(e) {
if(e.ctrlKey) {
node.toggleClass('bg-primary');
} else {
@@ -1803,7 +1803,7 @@
}
var node = jQuery('<li/>', {
'path': name,
- }).html(long_string).click(function(e) {
+ }).text(long_string).click(function(e) {
if(e.ctrlKey) {
node.toggleClass('bg-primary');
} else {
