Merge pull request #5834 from aignatov-bio/ai-sci-8912-fix-characters-escaping

Fix escape issues [SCI-8912]
aignatov-bio 2023-07-21 11:53:27 +02:00 committed by GitHub
commit 160bc270b6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 11 additions and 11 deletions


@ -54,7 +54,7 @@ class UserMyModulesController < ApplicationController
render json: {
user: {
id: @um.user.id,
full_name: @um.user.full_name,
full_name: escape_input(@um.user.full_name),
avatar_url: avatar_path(@um.user, :icon_small),
user_module_id: @um.id
}
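Review bot: HTML-escaping the name inside the JSON body at `full_name: escape_input(@um.user.full_name)` ties this response to a client that inserts the value as markup; a consumer that renders it as text, or escapes it again, will display entities such as `&amp;` literally. The definition of `escape_input` is not visible in this diff, so this assumes it performs HTML entity encoding. Consider returning the raw name and encoding at the point of DOM insertion, or at least add a comment such as `# HTML-escaped here because the client inserts this value as markup` so later callers do not double-escape. The enclosing action starts and ends outside the hunk.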


@ -7,10 +7,10 @@
</div>
<div class="items">
<% experiment_group[:experiments].each do |experiment| %>
<li class="item" data-name="<%= experiment.name %>" data-id="<%= experiment.id.base62_encode %>" data-type="exp">
<li class="item" data-name="<%= sanitize_input(experiment.name) %>" data-id="<%= experiment.id.base62_encode %>" data-type="exp">
<span class='sa-type'><%= experiment.code %></span>
<span class="dot">&middot;</span>
<span class="item-text"><%= experiment.name %></span>
<span class="item-text"><%= sanitize_input(experiment.name) %></span>
<%= render partial: 'shared/smart_annotation/atwho_control_buttons' %>
</li>
<% end %>
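Review bot: `sanitize_input` is applied both inside the `data-name` attribute and in the `.item-text` body, but these are different output contexts, and `<%= %>` already entity-encodes plain strings. If `sanitize_input` returns an `html_safe` string (its definition is not part of this diff), ERB's automatic escaping no longer applies to these values and the attribute's safety rests entirely on the sanitizer encoding quotes. For the attribute, the escaping helper used in the controller hunk would be the narrower choice, assuming it is available to views: `data-name="<%= escape_input(experiment.name) %>"`. The same pattern repeats in the tasks, projects, repository rows and users partials below. None of the six changed files appears to be a spec, so a view or system test with a name containing `<`, `"` and `&` would pin the intended rendering.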


@ -9,10 +9,10 @@
</div>
<div class="items">
<% task_group[:tasks].each do |task| %>
<li class="item" data-name="<%= task.name %>" data-id="<%= task.id.base62_encode %>" data-type="tsk">
<li class="item" data-name="<%= sanitize_input(task.name) %>" data-id="<%= task.id.base62_encode %>" data-type="tsk">
<span class='sa-type'><%= task.code %></span>
<span class="dot">&middot;</span>
<span class="item-text"><%= task.name %></span>
<span class="item-text"><%= sanitize_input(task.name) %></span>
<%= render partial: 'shared/smart_annotation/atwho_control_buttons' %>
</li>
<% end %>


@ -1,10 +1,10 @@
<% limit_reached = projects.length == Constants::ATWHO_SEARCH_LIMIT + 1 %>
<div class="atwho-scroll-container">
<% projects.limit(Constants::ATWHO_SEARCH_LIMIT).each do |project| %>
<li class="item" data-name="<%= project.name %>" data-id="<%= project.id.base62_encode %>" data-type="prj">
<li class="item" data-name="<%= sanitize_input(project.name) %>" data-id="<%= project.id.base62_encode %>" data-type="prj">
<span class='sa-type'><%= project.code %></span>
<span class="dot">&middot;</span>
<span class="item-text"><%= project.name %></span>
<span class="item-text"><%= sanitize_input(project.name) %></span>
<%= render partial: 'shared/smart_annotation/atwho_control_buttons' %>
</li>
<% end %>


@ -1,10 +1,10 @@
<% limit_reached = repository_rows.length == Constants::ATWHO_SEARCH_LIMIT + 1 %>
<div class="atwho-scroll-container">
<% repository_rows.take(Constants::ATWHO_SEARCH_LIMIT).each do |row| %>
<li class="item" data-name="<%= row[:name] %>" data-id="<%= row[:id_encoded] %>" data-type="rep_item">
<li class="item" data-name="<%= sanitize_input(row[:name]) %>" data-id="<%= row[:id_encoded] %>" data-type="rep_item">
<span class='sa-type'><%= row[:code] %></span>
<span class="dot">&middot;</span>
<span class="item-text"><%= row[:name] %></span>
<span class="item-text"><%= sanitize_input(row[:name]) %></span>
<%= render partial: 'shared/smart_annotation/atwho_control_buttons', locals: { row: row, repository: repository } %>
</li>
<% end %>


@ -5,10 +5,10 @@
</div>
<div class="atwho-scroll-container">
<% users.limit(Constants::ATWHO_SEARCH_LIMIT).each do |user| %>
<li class="atwho-user" data-full-name="<%= user.full_name %>" data-id="<%= user.id.base62_encode %>" data-type="rep_item">
<li class="atwho-user" data-full-name="<%= sanitize_input(user.full_name) %>" data-id="<%= user.id.base62_encode %>" data-type="rep_item">
<img src="<%= avatar_path(user, :icon_small) %>" class="avatar" />
<div class="user-info">
<div class="user-name item-text"><%= user.full_name %></div>
<div class="user-name item-text"><%= sanitize_input(user.full_name) %></div>
<div class="user-email item-text"><%= user.email %></div>
</div>
</li>