Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1as8Ss-00006a-F8 for pgadmin-hackers@arkaria.postgresql.org; Mon, 18 Apr 2016 12:39:42 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1as8Sr-0007JD-GM for pgadmin-hackers@arkaria.postgresql.org; Mon, 18 Apr 2016 12:39:41 +0000 Received: from makus.postgresql.org ([2001:4800:1501:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1as8Sq-0007HB-NL for pgadmin-hackers@postgresql.org; Mon, 18 Apr 2016 12:39:40 +0000 Received: from mail-ig0-x233.google.com ([2607:f8b0:4001:c05::233]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1as8Sn-0003Ps-T3 for pgadmin-hackers@postgresql.org; Mon, 18 Apr 2016 12:39:39 +0000 Received: by mail-ig0-x233.google.com with SMTP id gy3so71200251igb.0 for ; Mon, 18 Apr 2016 05:39:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pgadmin-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=adNS8Fax+6Uch7tPxmboi2ZmT97xzXR7ZixgqukgSZ4=; b=JohsiHGIL+lge/MeBXvj6QipywnejESsNcYps6Sla/qSG8Wta5R1jkD7ClWmvlsVKG XSQSwyLbB0at6uON/Aq/cDGg3iCOKKl+L1JpdcyRow8Cd8Sh/SZR5S2hYPNaz9uGz1+e ijkSMGoEsUosiUWaLN0Q5JT5QDX0iI0rgPpO+ywnFOFDe1W+8pD+U+ihIAZn/cd7//KV fPbOPTZ3YPHJVbcBchIu/2+WeONCep1ip51SUJMnDeo8bE+tbAhxUHPXAyilyVeIXSC2 2Z1lJpOHCEypQxUkkXAVWGpZZyWkjF00CaBzP1EAtJI1abgWa+swQBkXcDtl2ESceXVO g7yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=adNS8Fax+6Uch7tPxmboi2ZmT97xzXR7ZixgqukgSZ4=; b=FyUaT6f0fXGMEz74IXvArYDDDpyvObaRtrt5e3ZBJTX7vdfbD+OlRym7jKiylXJhAu nDyyzShgr8SNIJaeELuA/fZweg1CeS13V1rgqyYSKdDOgv5mC111W+FM3sxp/NkJEdC4 bcaWDc+ktImKtten2HXEgnjPABd/p7fp6ibtO8e1EdRl3Edg4lutxL/SyePft5nGx5A9 Tkfre9qEK/s2597iQFBfwlku2+1LXTlWX6bDuv8U8nf7NNCJjR2s+WZr/8N9dSq0RioI t6UKooRUmVbPlYX0YZeLrNtl+OVACbiPQ1mDB+7IksyWzOwk2p0+v8EOQk0cHxoxBZLk hhoQ== X-Gm-Message-State: AOPr4FUnKXvQ/28EcvjPE0MGAfev+DXCgiFZdtrsj6zrvDbYO8obtocdIrNrGoXvk2aTVBWn1rkd1U2smBDCQA== MIME-Version: 1.0 X-Received: by 10.50.73.133 with SMTP id l5mr18757975igv.69.1460983177327; Mon, 18 Apr 2016 05:39:37 -0700 (PDT) Received: by 10.64.105.131 with HTTP; Mon, 18 Apr 2016 05:39:37 -0700 (PDT) In-Reply-To: References: Date: Mon, 18 Apr 2016 13:39:37 +0100 Message-ID: Subject: Re: [pgAdmin4][patch]: String evaluation issue From: Dave Page To: Neel Patel Cc: pgadmin-hackers Content-Type: multipart/alternative; boundary=089e0129483a4f09c20530c1a7dc X-Pg-Spam-Score: -2.6 (--) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgadmin-hackers Precedence: bulk Sender: pgadmin-hackers-owner@postgresql.org --089e0129483a4f09c20530c1a7dc Content-Type: text/plain; charset=UTF-8 Thanks, applied. On Monday, April 18, 2016, Neel Patel wrote: > Hi, > > Please find attached patch file containing the fix for the below issue. > This issue is reported by Dave during the debugger code review and we have > removed the same issue from other files where we used. > > *Issue :- * > > When we use below string to form the error message then it will not work > because Jinja will evaluate the string " + err.errormsg + " before it gets > evaluated as JS by the browser. > > *alertify.error("{{ _('" + err.errormsg + "') }}");* > > > Do review it and let us know for any comments. > > Thanks, > Neel Patel > > -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company --089e0129483a4f09c20530c1a7dc Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thanks, applied.

On Monday, April 18, 2016, Neel Patel <neel.patel@enterprisedb.com>= wrote:
Hi,

Please find attached patch file containing the fix for the below iss= ue.
This issue is reported by Dave during the debugger code revie= w and we have removed the same issue from other files where we used.
<= div>
Issue :-=C2=A0

Wh= en we use below string to form the error message then it will not work beca= use Jinja will evaluate the string " + err.errormsg + " before it= gets evaluated as JS by the browser.

=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0alertify.error("{{ _('" + e= rr.errormsg + "') }}");


=
Do review it and let us know for any comments.

Thanks,
Neel Patel



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @= pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL= Company

--089e0129483a4f09c20530c1a7dc--