Escape HTML in texts shown in DataTables
atodorov committed Aug 30, 2018
1 parent 3149878 commit ca3e119
Showing 3 changed files with 25 additions and 3 deletions.
22 changes: 22 additions & 0 deletions tcms/static/js/utils.js
Expand Up @@ -53,3 +53,25 @@ function updateParamsToSearchTags(selector, params) {
params['tag__name__in'] = tag_list;
};
}


/*
Replaces HTML characters for display in DataTables
backslash(\), quotes('), double quotes (")
https://github.com/kiwitcms/Kiwi/issues/78
angle brackets (<>)
https://github.com/kiwitcms/Kiwi/issues/234
*/
function escapeHTML(unsafe) {
return unsafe.replace(/[&<>"']/g, function(m) {
return ({
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
'\'': '&#039;'
})[m]
});
}
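Review bot: `escapeHTML` calls `unsafe.replace` directly, so a null or numeric DataTables cell (a missing summary, an integer id passed through by mistake) throws a TypeError inside the render callback and the row fails to draw; guard with `if (unsafe === null || unsafe === undefined) { return ''; }` and then use `String(unsafe).replace(...)`. The header comment lists backslash among the replaced characters, but the class `/[&<>"']/g` does not touch it — either drop backslash from the comment or state explicitly that it is passed through unchanged. It would also help to record in the comment that the output is safe only in element content and quoted attribute values, not in unquoted attributes, URLs or script contexts.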
2 changes: 1 addition & 1 deletion tcms/testplans/static/testplans/js/search.js
Expand Up @@ -54,7 +54,7 @@ $(document).ready(function() {
{
data: null,
render: function (data, type, full, meta) {
return '<a href="/plan/'+ data.plan_id + '">' + data.name + '</a>';
return '<a href="/plan/'+ data.plan_id + '/">' + escapeHTML(data.name) + '</a>';
}
},
{ data: "create_date" },
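Review bot: The new line escapes `data.name` but still concatenates `data.plan_id` raw into the `href`, and the same pattern recurs in tcms/testruns/static/testruns/js/search.js for `data.run_id` and `data.plan_id` (in the URL and in the visible `TP-…` prefix). That is fine only if those ids are always server-generated integers; if so, a comment such as `// plan_id is an integer primary key, no escaping needed` records the assumption, otherwise wrap them with `encodeURIComponent(...)` in the URL and `escapeHTML(...)` in the text. The render callback returns the anchor for every DataTables `type`, so sorting and filtering now operate on entity-escaped text (`&` sorts as `&amp;`); returning the plain value when `type !== 'display'` would keep those unaffected. The added trailing slash on `/plan/<id>/` is a behaviour change the commit title does not mention. The enclosing `$(document).ready` callback starts and ends outside the hunk.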
4 changes: 2 additions & 2 deletions tcms/testruns/static/testruns/js/search.js
Expand Up @@ -82,13 +82,13 @@ $(document).ready(function() {
{
data: null,
render: function (data, type, full, meta) {
return '<a href="/run/'+ data.run_id + '" target="_parent">' + data.summary + '</a>';
return '<a href="/run/'+ data.run_id + '/" target="_parent">' + escapeHTML(data.summary) + '</a>';
}
},
{
data: null,
render: function (data, type, full, meta) {
return '<a href="/plan/'+ data.plan_id + '" target="_parent">TP-' + data.plan_id + ': ' + data.plan + '</a>';
return '<a href="/plan/'+ data.plan_id + '/" target="_parent">TP-' + data.plan_id + ': ' + escapeHTML(data.plan) + '</a>';
}
},
{ data: "manager" },
