public inbox for [email protected]  
From: Aditya Toshniwal <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
Date: Thu, 5 Dec 2019 12:43:34 +0530
Message-ID: <CAM9w-_kPk=7DWjC1eUkwp99g9B38ZLnDAy5DoaNj-SzsFMEwSw@mail.gmail.com> (raw)
In-Reply-To: <CANxoLDew_TGs35srEejxU35kv6cJ1yqZGv69Z3cfJJz4FBrTQA@mail.gmail.com>
References: <CAM9w-_m8Qj0DnZEqRPM1nBZWwcedEoozbi+AwNArseE=W7FYKQ@mail.gmail.com>
	<CANxoLDew_TGs35srEejxU35kv6cJ1yqZGv69Z3cfJJz4FBrTQA@mail.gmail.com>

Hi Hackers,

This issue seems to have reappeared. Kindly review the attached patch to
fix it again.

On Wed, Aug 28, 2019 at 10:47 AM Akshay Joshi <[email protected]>
wrote:

> Thanks, patch applied.
>
> On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal <
> [email protected]> wrote:
>
>> Hi Hackers,
>>
>> Attached is the patch to fix the issue.
>> Kindly review.
>>
>> --
>> Thanks and Regards,
>> Aditya Toshniwal
>> Software Engineer | EnterpriseDB India | Pune
>> "Don't Complain about Heat, Plant a TREE"
>>
>
>
> --
> *Thanks & Regards*
> *Akshay Joshi*
>
> *Sr. Software Architect*
> *EnterpriseDB Software India Private Limited*
> *Mobile: +91 976-788-8246*
>


-- 
Thanks and Regards,
Aditya Toshniwal
Sr. Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"


Attachments:

  [application/octet-stream] RM4674_v2.patch (635B, 3-RM4674_v2.patch)
  download | inline diff:
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js
index b4258ee59..1df617386 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js
@@ -227,7 +227,7 @@ define('pgadmin.datagrid', [
         queryToolForm +=`
           </form>
             <script>
-              document.getElementById("title").value = "${panel_title}";
+              document.getElementById("title").value = "${_.escape(panel_title)}";
               document.getElementById("queryToolForm").submit();
             </script>
           `;
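
Review bot: `_.escape(panel_title)` on the `document.getElementById("title").value = ...` line applies HTML entity escaping, but the value is interpolated into a double-quoted JavaScript string literal inside an inline `<script>`, which is a different context. The entity form does stop a `"` or a `</script>` in the title from ending the literal or the script block, but a backslash or a line break in `panel_title` passes through `_.escape` unchanged and still produces a broken string literal, so the form is never submitted and the query tool fails to open for those names. The HTML parser also does not decode entities inside `<script>`, so the form field receives the literal text `&lt;`, `&amp;` and so on, and the receiving side has to decode it or the title shows up double-encoded. Consider serialising for the JavaScript context instead (for example `JSON.stringify(panel_title)` with `<` additionally emitted as `\u003c`, and without the surrounding quotes in the template), or drop the script assignment and put the HTML-escaped title directly in the hidden input's `value` attribute. Since the message says the issue reappeared after the earlier fix, a regression test with a user name containing `<`, `"`, `\` and `&` would help keep it fixed.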

