From: Aditya Toshniwal <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
Date: Tue, 27 Aug 2019 16:44:11 +0530
Message-ID: <CAM9w-_m8Qj0DnZEqRPM1nBZWwcedEoozbi+AwNArseE=W7FYKQ@mail.gmail.com>
Hi Hackers,
Attached is the patch to fix the issue.
Kindly review.
--
Thanks and Regards,
Aditya Toshniwal
Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"
Attachments:
[application/octet-stream] RM4674.patch (1.9K, 3-RM4674.patch)
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js
index f12ab7a7..7610d955 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js
@@ -227,7 +227,7 @@ define('pgadmin.datagrid', [
queryToolForm +=`
</form>
<script>
- document.getElementById("title").value = "${panel_title}";
+ document.getElementById("title").value = "${_.escape(panel_title)}";
document.getElementById("queryToolForm").submit();
</script>
`;
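Review bot: on the `document.getElementById("title").value = ...` line, `_.escape(panel_title)` applies HTML entity escaping to a value that lands inside a double-quoted JavaScript string literal, which is the wrong encoder for that context. `_.escape` does not touch backslashes or line breaks, so a title that ends in `\` or contains a newline still breaks the statement, and in an HTML document the text inside `<script>` is not entity-decoded, so the field receives `&lt;` rather than `<`; please confirm the receiver expects the entity-encoded form. Consider emitting the literal with `JSON.stringify(panel_title)` (with `<` written as `\u003c` so a `</script>` sequence cannot close the block), or putting the value in the input's `value` attribute with HTML escaping instead of assigning it from script.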
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
index 8c9b999c..6ea36ac5 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
@@ -52,6 +52,6 @@ export function setQueryToolDockerTitle(panel, is_query_tool, panel_title, is_fi
panel_icon = 'fa fa-bolt';
}
- panel.title('<span title="'+ panel_tooltip +'">'+ panel_title +'</span>');
+ panel.title('<span title="'+ _.escape(panel_title) +'">'+ _.escape(panel_title) +'</span>');
panel.icon(panel_icon);
}
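Review bot: the new `panel.title(...)` line replaces `panel_tooltip` with `panel_title` inside the `title="..."` attribute instead of only escaping it, so the tooltip now always repeats the visible title. If that is not intended, keep the original variable and escape it: `title="'+ _.escape(panel_tooltip) +'"`.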
diff --git a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
index 7e368ffb..82ceb3f5 100644
--- a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
+++ b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
@@ -3436,7 +3436,7 @@ define('tools.querytool', [
// Find the title of the visible panel
_.each(window.top.pgAdmin.Browser.docker.findPanels('frm_datagrid'), function(p) {
if (p.isVisible()) {
- self.gridView.panel_title = $(p._title).html();
+ self.gridView.panel_title = $(p._title).text();
}
});
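Review bot: with `.text()` on the `self.gridView.panel_title = ...` line, `panel_title` changes from markup to decoded plain text, and the comment above it does not say so. Every consumer must now escape it on output; the two call sites changed in this patch do, but any other reader of `self.gridView.panel_title` should be checked, and a short comment stating that the value is unescaped text would help. Note also that `$(p._title)` still parses the stored title as markup, so this read is only safe when every writer of the panel title escapes it the way `setQueryToolDockerTitle` now does.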