details: https://code.openbravo.com/erp/devel/pi/rev/1fe55bea0066
changeset: 32627:1fe55bea0066
user: Asier Lostalé <asier.lostale <at> openbravo.com>
date: Thu Sep 07 12:16:48 2017 +0200
summary: fixed bug 36788: having some special UTF characters in DS response
breaks UI
When a DS response (or any other one that's later evaluated as JavaScript)
includes certain characters, UI breaks.
This is causes because these characters are not valied in JavaScript so when
they are evaluated using eval function, it crashes.
It has been fixed by escaping those characters in client side when the request
arrives just before starting to process it.
diffstat:
modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
| 35 +++++++++-
1 files changed, 34 insertions(+), 1 deletions(-)
diffs (59 lines):
diff -r d21362467e8b -r 1fe55bea0066
modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
---
a/modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
Thu Sep 07 11:56:46 2017 +0200
+++
b/modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
Thu Sep 07 12:16:48 2017 +0200
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2011-2015 Openbravo SLU
+ * All portions are Copyright (C) 2011-2017 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -777,6 +777,7 @@
this._originalhandleError(response, request);
}
},
+
_originalEvalResult: isc.RPCManager.evalResult,
evalResult: function (request, response, results) {
// if the response contains an error status, call the errorCallback
@@ -784,6 +785,38 @@
request.errorCallback(request, response);
}
return this._originalEvalResult(request, response, results);
+ },
+
+ // Escape characters that are not properly handled in JavaScript's eval. See
issue #36788.
+ // Solution based on Crockford's JSON.parse implementation
+ // https://github.com/douglascrockford/JSON-js
+ dangerousChars:
/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
+ _originalperformTransactionReply: isc.RPCManager.performTransactionReply,
+ performTransactionReply: function (transactionNum, results, wd) {
+ var resp = results.responseText;
+
+ this.dangerousChars.lastIndex = 0;
+ if (resp && isc.isA.String(resp) && this.dangerousChars.test(resp)) {
+ resp = resp.replace(this.dangerousChars, function (a) {
+ return '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
+ });
+
+ // results is a XMLHttpRequest, response properties are immutable by
default,
+ // this hacks allows to modify them
+ Object.defineProperties(results, {
+ 'responseText': {
+ writable: true
+ },
+ 'response': {
+ writable: true
+ }
+ });
+
+ results.responseText = resp;
+ results.response = resp;
+ }
+
+ return this._originalperformTransactionReply(transactionNum, results, wd)
}
});
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
