public inbox for [email protected]
help / color / mirror / Atom feed[pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
4+ messages / 2 participants
[nested] [flat]
* [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
@ 2019-08-27 11:14 Aditya Toshniwal <[email protected]>
2019-08-28 05:16 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Akshay Joshi <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Aditya Toshniwal @ 2019-08-27 11:14 UTC (permalink / raw)
To: pgadmin-hackers
Hi Hackers,
Attached is the patch to fix the issue.
Kindly review.
--
Thanks and Regards,
Aditya Toshniwal
Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"
Attachments:
[application/octet-stream] RM4674.patch (1.9K, 3-RM4674.patch)
download | inline diff:
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js
index f12ab7a7..7610d955 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js
@@ -227,7 +227,7 @@ define('pgadmin.datagrid', [
queryToolForm +=`
</form>
<script>
- document.getElementById("title").value = "${panel_title}";
+ document.getElementById("title").value = "${_.escape(panel_title)}";
document.getElementById("queryToolForm").submit();
</script>
`;
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
index 8c9b999c..6ea36ac5 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js
@@ -52,6 +52,6 @@ export function setQueryToolDockerTitle(panel, is_query_tool, panel_title, is_fi
panel_icon = 'fa fa-bolt';
}
- panel.title('<span title="'+ panel_tooltip +'">'+ panel_title +'</span>');
+ panel.title('<span title="'+ _.escape(panel_title) +'">'+ _.escape(panel_title) +'</span>');
panel.icon(panel_icon);
}
diff --git a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
index 7e368ffb..82ceb3f5 100644
--- a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
+++ b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
@@ -3436,7 +3436,7 @@ define('tools.querytool', [
// Find the title of the visible panel
_.each(window.top.pgAdmin.Browser.docker.findPanels('frm_datagrid'), function(p) {
if (p.isVisible()) {
- self.gridView.panel_title = $(p._title).html();
+ self.gridView.panel_title = $(p._title).text();
}
});
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
2019-08-27 11:14 [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
@ 2019-08-28 05:16 ` Akshay Joshi <[email protected]>
2019-12-05 07:13 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Akshay Joshi @ 2019-08-28 05:16 UTC (permalink / raw)
To: Aditya Toshniwal <[email protected]>; +Cc: pgadmin-hackers
Thanks patch applied.
On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal <
[email protected]> wrote:
> Hi Hackers,
>
> Attached is the patch to fix the issue.
> Kindly review.
>
> --
> Thanks and Regards,
> Aditya Toshniwal
> Software Engineer | EnterpriseDB India | Pune
> "Don't Complain about Heat, Plant a TREE"
>
--
*Thanks & Regards*
*Akshay Joshi*
*Sr. Software Architect*
*EnterpriseDB Software India Private Limited*
*Mobile: +91 976-788-8246*
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
2019-08-27 11:14 [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
2019-08-28 05:16 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Akshay Joshi <[email protected]>
@ 2019-12-05 07:13 ` Aditya Toshniwal <[email protected]>
2019-12-05 07:44 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Akshay Joshi <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Aditya Toshniwal @ 2019-12-05 07:13 UTC (permalink / raw)
To: pgadmin-hackers
Hi Hackers,
This issue seems to have reappeared. Kindly review the attached patch to
fix it again.
On Wed, Aug 28, 2019 at 10:47 AM Akshay Joshi <[email protected]>
wrote:
> Thanks patch applied.
>
> On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal <
> [email protected]> wrote:
>
>> Hi Hackers,
>>
>> Attached is the patch to fix the issue.
>> Kindly review.
>>
>> --
>> Thanks and Regards,
>> Aditya Toshniwal
>> Software Engineer | EnterpriseDB India | Pune
>> "Don't Complain about Heat, Plant a TREE"
>>
>
>
> --
> *Thanks & Regards*
> *Akshay Joshi*
>
> *Sr. Software Architect*
> *EnterpriseDB Software India Private Limited*
> *Mobile: +91 976-788-8246*
>
--
Thanks and Regards,
Aditya Toshniwal
Sr. Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"
Attachments:
[application/octet-stream] RM4674_v2.patch (635B, 3-RM4674_v2.patch)
download | inline diff:
diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js
index b4258ee59..1df617386 100644
--- a/web/pgadmin/tools/datagrid/static/js/datagrid.js
+++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js
@@ -227,7 +227,7 @@ define('pgadmin.datagrid', [
queryToolForm +=`
</form>
<script>
- document.getElementById("title").value = "${panel_title}";
+ document.getElementById("title").value = "${_.escape(panel_title)}";
document.getElementById("queryToolForm").submit();
</script>
`;
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters
2019-08-27 11:14 [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
2019-08-28 05:16 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Akshay Joshi <[email protected]>
2019-12-05 07:13 ` Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
@ 2019-12-05 07:44 ` Akshay Joshi <[email protected]>
0 siblings, 0 replies; 4+ messages in thread
From: Akshay Joshi @ 2019-12-05 07:44 UTC (permalink / raw)
To: Aditya Toshniwal <[email protected]>; +Cc: pgadmin-hackers
Thanks, patch applied.
On Thu, Dec 5, 2019 at 12:44 PM Aditya Toshniwal <
[email protected]> wrote:
> Hi Hackers,
>
> This issue seems to have reappeared. Kindly review the attached patch to
> fix it again.
>
> On Wed, Aug 28, 2019 at 10:47 AM Akshay Joshi <
> [email protected]> wrote:
>
>> Thanks patch applied.
>>
>> On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal <
>> [email protected]> wrote:
>>
>>> Hi Hackers,
>>>
>>> Attached is the patch to fix the issue.
>>> Kindly review.
>>>
>>> --
>>> Thanks and Regards,
>>> Aditya Toshniwal
>>> Software Engineer | EnterpriseDB India | Pune
>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>
>>
>> --
>> *Thanks & Regards*
>> *Akshay Joshi*
>>
>> *Sr. Software Architect*
>> *EnterpriseDB Software India Private Limited*
>> *Mobile: +91 976-788-8246*
>>
>
>
> --
> Thanks and Regards,
> Aditya Toshniwal
> Sr. Software Engineer | EnterpriseDB India | Pune
> "Don't Complain about Heat, Plant a TREE"
>
--
*Thanks & Regards*
*Akshay Joshi*
*Sr. Software Architect*
*EnterpriseDB Software India Private Limited*
*Mobile: +91 976-788-8246*
^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2019-12-05 07:44 UTC | newest]
Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2019-08-27 11:14 [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]>
2019-08-28 05:16 ` Akshay Joshi <[email protected]>
2019-12-05 07:13 ` Aditya Toshniwal <[email protected]>
2019-12-05 07:44 ` Akshay Joshi <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox