Hi,

This is a good point you raise here - there are some aspects that need
considering, though:

- The data coming in this page (e.g. prj, builds, etc.) is already
  coming as JSON; the conversion is done in the view. Here we mark the value
  as not needing any further escape (through the safe filter) because we know
  it's already a valid JSON string.

- JSON is already valid JavaScript code, so we don't need to parse it
  manually; the browser will interpret it as such.

- btw, we're not using the Jinja2 templating engine, we use the built-in
  Django templating engine :)


Cheers,
Alex



On Thu, Nov 6, 2014 at 4:11 PM, Michael Wood <[email protected]>
wrote:

> When passing the data from the jinja2 template to javascript make sure
> we escape and parse the JSON to avoid any invalid values being interpreted.
>
> Signed-off-by: Michael Wood <[email protected]>
> ---
>  bitbake/lib/toaster/toastergui/templates/project.html | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/bitbake/lib/toaster/toastergui/templates/project.html
> b/bitbake/lib/toaster/toastergui/templates/project.html
> index 6a81283..00fb2b4 100644
> --- a/bitbake/lib/toaster/toastergui/templates/project.html
> +++ b/bitbake/lib/toaster/toastergui/templates/project.html
> @@ -335,13 +335,13 @@ angular.element(document).ready(function() {
>    scope.urls.layers = "{% url 'layers' %}";
>    scope.urls.targets = "{% url 'targets' %}";
>    scope.urls.importlayer = "{% url 'importlayer'%}"
> -  scope.project = {{prj|safe}};
> -  scope.builds = {{builds|safe}};
> -  scope.layers = {{layers|safe}};
> -  scope.targets = {{targets|safe}};
> -  scope.frequenttargets = {{freqtargets|safe}};
> -  scope.machine = {{machine|safe}};
> -  scope.releases = {{releases|safe}};
> +  scope.project = JSON.parse ("{{prj|escapejs}}");
> +  scope.builds = JSON.parse ("{{builds|escapejs}}");
> +  scope.layers = JSON.parse ("{{layers|escapejs}}");
> +  scope.targets = JSON.parse ("{{targets|escapejs}}");
> +  scope.frequenttargets = JSON.parse ("{{freqtargets|escapejs}}");
> +  scope.machine = JSON.parse ("{{machine|escapejs}}");
> +  scope.releases = JSON.parse ("{{releases|escapejs}}");
>
>    scope.zone1alerts = [];
>    scope.zone2alerts = [];
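Review bot: the `escapejs` + `JSON.parse` form is the right replacement for the `|safe` lines, and the commit message should say why: with `{{prj|safe}}` the JSON text is pasted into the script verbatim, so any string value that contains `</script` ends the script element in the HTML parser before the JavaScript engine ever sees it, however valid the JSON is as JavaScript. The new lines avoid that because `escapejs` emits `<`, `>`, quotes and backslashes as `\uXXXX` escapes inside a JS string literal, and `JSON.parse` rebuilds the object from the decoded text. Two caveats: this only works if `prj`, `builds` and the rest are already JSON strings from the view (as the reply above says), because `escapejs` on a dict would emit Python's repr and `JSON.parse` would throw; and the space in `JSON.parse (` should go to match the surrounding style. The unchanged `scope.urls.importlayer` context line is also missing its trailing semicolon.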
> --
> 1.9.1
>
> --
> _______________________________________________
> toaster mailing list
> [email protected]
> https://lists.yoctoproject.org/listinfo/toaster
>



-- 
Alex Damian
Yocto Project
SSG / OTC
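The disagreement above (whether `|safe` is enough for JSON inside a script block, or whether `escapejs` plus `JSON.parse` is needed) as an added Python example, not Toaster's or Django's own code. It re-implements Django's `escapejs` filter from its escape table (an assumption about the exact mapping), renders one constructed project value both ways the patch shows, and checks which rendering an HTML parser would cut off at `</script` and whether the `escapejs` route survives `JSON.parse`; the `render_*` helpers and `PROJECT` are assumptions standing in for the template and the view.

```python
import json

# Re-implementation of Django's escapejs filter, modelled on the mapping in
# django.utils.html (an assumption; this is not Toaster's or Django's own code).
_JS_ESCAPES = {
    ord("\\"): "\\u005C", ord("'"): "\\u0027", ord('"'): "\\u0022",
    ord(">"): "\\u003E", ord("<"): "\\u003C", ord("&"): "\\u0026",
    ord("="): "\\u003D", ord("-"): "\\u002D", ord(";"): "\\u003B",
    ord("`"): "\\u0060", ord("\u2028"): "\\u2028", ord("\u2029"): "\\u2029",
}
_JS_ESCAPES.update((z, "\\u%04X" % z) for z in range(32))  # control chars


def escapejs(text):
    """Escape text for embedding inside a JavaScript string literal."""
    return str(text).translate(_JS_ESCAPES)


def render_with_safe(json_text):
    """What `scope.project = {{prj|safe}};` emits: the JSON text verbatim."""
    return "scope.project = %s;" % json_text


def render_with_escapejs(json_text):
    """What `scope.project = JSON.parse("{{prj|escapejs}}");` emits."""
    return 'scope.project = JSON.parse("%s");' % escapejs(json_text)


def terminates_script_element(script_body):
    """The HTML parser closes a <script> element at the first '</script',
    whatever the JavaScript around it says, so this substring means break-out."""
    return "</script" in script_body.lower()


def escapejs_round_trips(obj):
    """True when view JSON -> escapejs -> JS string literal -> JSON.parse gives
    obj back. JSON.parse("...") is emulated with two json.loads calls: the
    \\uXXXX escapes of a JS string literal are also valid JSON string escapes,
    so the first call decodes the literal and the second parses the JSON it held."""
    rendered = render_with_escapejs(json.dumps(obj))
    literal = rendered[len("scope.project = JSON.parse("):-len(");")]
    return json.loads(json.loads(literal)) == obj


# Constructed sample: the view has already serialised the project to JSON and
# one field happens to contain a closing script tag.
PROJECT = {"id": 7, "name": "demo </script> project", "release": "1.7"}
PROJECT_JSON = json.dumps(PROJECT)
```

`terminates_script_element(render_with_safe(PROJECT_JSON))` is True while the `escapejs` rendering is not, and `escapejs_round_trips(PROJECT)` confirms the object comes back intact.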