Escape special chars for FE and BE

Urban Rotnik 2020-06-02 15:16:01 +02:00
parent 9b0f215187
commit 9d96baf008
7 changed files with 37 additions and 29 deletions


@ -4,19 +4,21 @@
var ChecklistColumnHelper = (function() {
function checklistSelect(select, url, values) {
var selectedOptions = '';
var selectObject = $(`<select id="${select}"
data-placeholder = "${I18n.t('repositories.table.checklist.set_checklist')}"
data-ajax-url = "${url}"
data-combine-tags="true"
data-select-multiple-all-selected="${I18n.t('libraries.manange_modal_column.checklist_type.all_options')}"
data-select-multiple-name="${I18n.t('libraries.manange_modal_column.checklist_type.multiple_options')}">${selectedOptions}</select>`);
if (values) {
$.each(values, function(i, option) {
selectedOptions += `<option value="${option.value}">${option.label}</option>`;
var item = $(`<option value="${option.value}"></option>`);
item.text(option.label);
item.appendTo(selectObject);
});
}
return $(`<select
id="${select}"
data-placeholder = "${I18n.t('repositories.table.checklist.set_checklist')}"
data-ajax-url = "${url}"
data-combine-tags="true"
data-select-multiple-all-selected="${I18n.t('libraries.manange_modal_column.checklist_type.all_options')}"
data-select-multiple-name="${I18n.t('libraries.manange_modal_column.checklist_type.multiple_options')}"
>${selectedOptions}</select>`);
return selectObject;
}
function checklistHiddenField(formId, columnId, values) {
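Review bot: Only the label half of the escaping is complete in checklistSelect: `option.value` is still interpolated straight into the markup string at `var item = $(\`<option value="${option.value}"></option>\`);`, so a value containing a double quote or angle bracket still lands in the attribute unescaped; the same pattern appears with `value.value` in listSelect and statusSelect below. Build the option entirely through jQuery instead: `var item = $('<option>').val(option.value).text(option.label);`. `selectedOptions` also appears to be left over from the removed string-building path and, if the `+=` line is indeed gone, is only ever the empty string inside the select template, so it can be dropped along with the `${selectedOptions}` interpolation. Whether `select` and `url` are ever user-controlled cannot be seen here; if they are, they need the same attribute-level treatment.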


@ -4,14 +4,16 @@
var ListColumnHelper = (function() {
function listSelect(select, url, value) {
var selectedOption = '';
var selectObject = $(`<select id="${select}"
data-placeholder = "${I18n.t('repositories.table.list.select_item')}"
data-ajax-url = "${url}" >${selectedOption}</select>`);
if (value && value.value) {
selectedOption = `<option value="${value.value}">${value.label}</option>`;
selectedOption = $(`<option value="${value.value}"></option>`);
selectedOption.text(value.label);
selectedOption.appendTo(selectObject);
}
return $(`<select
id="${select}"
data-placeholder = "${I18n.t('repositories.table.list.select_item')}"
data-ajax-url = "${url}"
>${selectedOption}</select>`);
return selectObject;
}
function listHiddenField(formId, columnId, value) {


@ -4,15 +4,16 @@
var StatusColumnHelper = (function() {
function statusSelect(select, url, value) {
var selectedOption = '';
if (value && value.value) {
selectedOption = `<option value="${value.value}">${value.label}</option>`;
}
var selectObject = $(`<select id="${select}"
data-placeholder = "${I18n.t('repositories.table.status.set_status')}"
data-ajax-url = "${url}" ></select>`);
return $(`<select
id="${select}"
data-placeholder = "${I18n.t('repositories.table.status.set_status')}"
data-ajax-url = "${url}"
>${selectedOption}</select>`);
if (value && value.value) {
selectedOption = $(`<option value="${value.value}"></option>`);
selectedOption.text(value.label);
selectedOption.appendTo(selectObject);
}
return selectObject;
}
function statusHiddenField(formId, columnId, value) {
@ -46,7 +47,9 @@ var StatusColumnHelper = (function() {
},
tagClass: 'emoji-status',
tagLabel: (data) => {
return twemoji.parse(data.label);
var render = $('<div>').html(twemoji.parse(data.label));
render.find(':not(img)').remove();
return render.html();
}
});
}
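Review bot: In tagLabel the `render.find(':not(img)').remove()` filter strips non-img elements but keeps any `img` element that was part of `data.label` itself, attributes included, so the rendering here rests on the serializer having escaped `status` before it reaches the client; that dependency deserves a comment, e.g. `// label is expected to be HTML-escaped server-side; only twemoji's own <img> output should survive here`. A variant that does not depend on upstream escaping is to insert the label as text and let twemoji parse the DOM node: `var render = $('<div>').text(data.label);`, `twemoji.parse(render[0]);`, `return render.html();`. The enclosing options object and dropdownSelector call start and end outside the hunk.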


@ -637,8 +637,6 @@ var dropdownSelector = (function() {
<i class="fas fa-times ${selector.data('config').singleSelect ? 'hidden' : ''}"></i>
</div>`).insertBefore(container.find('.input-field .search-field'));
console.log(selector.data('config').labelHTML);
if (selector.data('config').labelHTML) {
tag.find('.tag-label').html(label);
} else {


@ -2,8 +2,9 @@
module RepositoryDatatable
class RepositoryChecklistValueSerializer < RepositoryBaseValueSerializer
include InputSanitizeHelper
def value
object.data
object.data.each { |i| i[:label] = escape_input(i[:label]) }
end
end
end
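Review bot: `value` now mutates the elements of `object.data` in place and relies on `each` returning the receiver as the serialized value. If `object.data` is memoized or otherwise reused, serializing the same record twice escapes an already-escaped label again (assuming escape_input is an HTML escape, which InputSanitizeHelper is not shown here). Building a fresh array avoids both issues; if the items are Hashes, as the `i[:label]` access suggests: `object.data.map { |i| i.merge(label: escape_input(i[:label])) }`.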


@ -2,10 +2,11 @@
module RepositoryDatatable
class RepositoryListValueSerializer < RepositoryBaseValueSerializer
include InputSanitizeHelper
def value
{
id: (object.repository_list_item&.id || ''),
text: (object.data || '')
text: (escape_input(object.data) || '')
}
end
end
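Review bot: Moving `escape_input` inside the `||` changes the nil handling in `value`: the old `(object.data || '')` guarded a nil `object.data` before anything touched it, whereas `escape_input(object.data) || ''` calls the helper with nil first and the fallback only helps if that helper returns nil for nil. Unless `InputSanitizeHelper#escape_input` is known to be nil-safe, keep the guard outside the call: `text: object.data ? escape_input(object.data) : ''`.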


@ -2,11 +2,12 @@
module RepositoryDatatable
class RepositoryStatusValueSerializer < RepositoryBaseValueSerializer
include InputSanitizeHelper
def value
{
id: object.repository_status_item.id,
icon: object.repository_status_item.icon,
status: object.repository_status_item.status
status: escape_input(object.repository_status_item.status)
}
end
end
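Review bot: `icon` is passed through untouched while `status` directly below it is now escaped; what `repository_status_item.icon` can contain is not visible here, but if it is free-form user text it reaches the same client-side rendering path. Either escape it the same way, `icon: escape_input(object.repository_status_item.icon),`, or leave a comment stating why it is safe as-is, e.g. `# icon is validated on write; not escaped here`, so the asymmetry does not read as an oversight.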