From 00c63b280ef2baf7eff65c5fdef98beb2c8c0701 Mon Sep 17 00:00:00 2001
From: Alex Kriuchykhin <oleksii@scinote.net>
Date: Wed, 15 Mar 2023 11:14:52 +0100
Subject: [PATCH] Fix displaying of escaped fields [SCI-8137] (#5141)

---
 app/assets/javascripts/dashboard/recent_work.js   | 2 +-
 app/assets/javascripts/my_modules/repositories.js | 6 +++---
 app/assets/javascripts/projects/canvas.js.erb     | 2 +-
 app/controllers/projects_controller.rb            | 1 +
 app/controllers/users/invitations_controller.rb   | 2 +-
 5 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/app/assets/javascripts/dashboard/recent_work.js b/app/assets/javascripts/dashboard/recent_work.js
index 7fb797fd1..3403b487b 100644
--- a/app/assets/javascripts/dashboard/recent_work.js
+++ b/app/assets/javascripts/dashboard/recent_work.js
@@ -7,7 +7,7 @@ var DasboardRecentWorkWidget = (function() {
       var recentWorkItem = $($('#recent-work-item-template').html());
       var recentWorkItemType = recentWorkItem.find('.object-type span');
       recentWorkItem.attr('href', item.url);
-      recentWorkItem.find('.object-name').text(item.name);
+      recentWorkItem.find('.object-name').html(item.name);
       recentWorkItemType.text(item.code || item.type);
       recentWorkItem.find('.object-changed').text(item.last_change);
       container.append(recentWorkItem);
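Review bot: `.html(item.name)` makes `item.name` a markup sink, so this line is only safe if every server path that builds the recent-work payload HTML-escapes the name, and nothing in the hunk enforces or documents that. The same `.text()` to `.html()` switch is made for `.repository-title` and `.repository-version` in my_modules/repositories.js and for `.panel-title` in projects/canvas.js.erb. If the display problem is double-escaped text, sending the raw value and keeping `.text(item.name)` fixes it without creating an HTML sink. If the escaped payload has to stay, add a comment at each sink, for example `// item.name arrives HTML-escaped from the server; never pass raw user input here`. The enclosing function starts and ends outside the hunk.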
diff --git a/app/assets/javascripts/my_modules/repositories.js b/app/assets/javascripts/my_modules/repositories.js
index 6f0701c28..739b0dc73 100644
--- a/app/assets/javascripts/my_modules/repositories.js
+++ b/app/assets/javascripts/my_modules/repositories.js
@@ -236,7 +236,7 @@ var MyModuleRepositories = (function() {
         var repositoryContainer = $(this).closest('.assigned-repository-container');
         repositoryContainer.find('.table.dataTable').removeClass('hidden');
         repositoryContainer.find('.dataTables_scrollBody').css('overflow', 'initial');
-        repositoryContainer.find('.version-label').text(tableContainer.data('version-label'));
+        repositoryContainer.find('.version-label').html(tableContainer.data('version-label'));
         SIMPLE_TABLE.columns.adjust();
       },
       createdRow: function(row, data) {
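Review bot: `tableContainer.data('version-label')` reads a `data-*` attribute, and the browser has already decoded one level of HTML entities when it parsed that attribute. The string passed to `.html()` is therefore still escaped only if the server escaped it twice. Whether the template does so is not visible in this hunk; if it does not, a version label containing markup would be parsed as HTML. Keeping `.text(tableContainer.data('version-label'))` here and fixing the double escape where the attribute is rendered avoids depending on that. The callback containing this line starts outside the hunk.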
@@ -680,8 +680,8 @@ var MyModuleRepositories = (function() {
       version = I18n.t('my_modules.repository.full_view.modal_live_header');
     }
     FULL_VIEW_MODAL.find('.repository-title').data('repository-name', repositoryName);
-    FULL_VIEW_MODAL.find('.repository-title').text(title);
-    FULL_VIEW_MODAL.find('.repository-version').text(version);
+    FULL_VIEW_MODAL.find('.repository-title').html(title);
+    FULL_VIEW_MODAL.find('.repository-version').html(version);
   }
 
   function initRepositoryAssignView() {
diff --git a/app/assets/javascripts/projects/canvas.js.erb b/app/assets/javascripts/projects/canvas.js.erb
index e86c2f134..e60c27000 100644
--- a/app/assets/javascripts/projects/canvas.js.erb
+++ b/app/assets/javascripts/projects/canvas.js.erb
@@ -1129,7 +1129,7 @@ function updateModuleHtml(module, id, name, gridDistX, gridDistY) {
 
   var panelHeading = module.find(".panel-heading");
 
-  module.find(".panel-title").text(name);
+  module.find(".panel-title").html(name);
 
   module.find(".ep").html($("#drag-connections-placeholder").html());
 
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a4586b5be..57c58b68b 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -63,6 +63,7 @@ class ProjectsController < ApplicationController
       else
         breadcrumbs_html = ''
         projects_cards_url = cards_projects_url
+        title_html = title
       end
 
       cards = Kaminari.paginate_array(overview_service.project_and_folder_cards)
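Review bot: `title_html = title` gives a variable whose name promises markup what looks like the plain title, with no escaping in this `else` branch. The `if` branch and the place where `title_html` is rendered are outside the hunk, so this is inferred. If the client inserts the value as HTML, as the JavaScript changes in this commit do for other fields, it should be escaped here, e.g. `title_html = escape_input(title)`. That assumes the helper used in users/invitations_controller.rb is available in this controller.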
diff --git a/app/controllers/users/invitations_controller.rb b/app/controllers/users/invitations_controller.rb
index d8d44f2bd..753000c1f 100644
--- a/app/controllers/users/invitations_controller.rb
+++ b/app/controllers/users/invitations_controller.rb
@@ -159,7 +159,7 @@ module Users
 
       teams.select { |team| can_invite_team_users?(team) }
 
-      render json: teams.map { |t| { value: t.id, label: t.name } }.to_json
+      render json: teams.map { |t| { value: t.id, label: escape_input(t.name) } }.to_json
     end
 
     private
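Review bot: The result of `teams.select { |team| can_invite_team_users?(team) }` is discarded, because `select` returns a new collection rather than filtering in place. The `render json:` line changed here therefore still lists every team in `teams`, including ones the user may not be allowed to invite to. Assigning the result, `teams = teams.select { |team| can_invite_team_users?(team) }`, would make the permission check take effect. `teams` is built above the hunk, so confirm it is not already restricted there.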