fixed escrape cell-content for thumbnails (#781)
wachterjohannes authored and danrot committed Mar 27, 2018
1 parent 57250c5 commit 12e2e1a
Showing 5 changed files with 46 additions and 25 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,8 @@
# CHANGELOG for husky

* dev-master
* HOTFIX #781 Fixed escape cell-content for thumbnails

* 0.30.4 (2018-03-19)
* ENHANCEMENT #779 Avoid expand ids to be added to datagrid request
* HOTFIX #778 Fixed paragraphs and breaks in paste from word plugin
33 changes: 21 additions & 12 deletions dist/husky.js
@@ -31295,7 +31295,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
this.sandbox.util.foreach(this.datagrid.matchings, function(column) {
$headerCell = this.sandbox.dom.createElement(templates.headerCell);

if (!!column.class && typeof column.class === 'string') {
if (!!column.class && typeof column.class === this.datagrid.types.STRING) {
this.sandbox.dom.addClass($headerCell, column.class);
}

@@ -31551,14 +31551,14 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
if (!!this.options.selectItem && this.options.selectItem.inFirstCell === true && index === 0) {
this.sandbox.dom.attr($cell, 'colspan', 2);
selectItem = this.renderRowSelectItem(record.id, true);
if (typeof content === 'string') {
if (typeof content === this.datagrid.types.STRING) {
content = selectItem + content;
} else {
this.sandbox.dom.prepend(content, selectItem);
}
}

if (!!column.class && typeof column.class === 'string') {
if (!!column.class && typeof column.class === this.datagrid.types.STRING) {
this.sandbox.dom.addClass($cell, column.class);
}
if (column.type === this.datagrid.types.THUMBNAILS) {
@@ -31596,7 +31596,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
* @returns {String|Object} the dom object for the cell content or html
*/
getCellContent: function(record, column, $cell) {
var content = this.sandbox.util.escapeHtml(record[column.attribute]);
var content = record[column.attribute];
if (!!column.type && column.type === this.datagrid.types.THUMBNAILS) {
content = this.datagrid.manipulateContent(content, column.type, this.options.thumbnailFormat);
content = this.sandbox.util.template(templates.img)({
@@ -31606,6 +31606,14 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
this.options.noImgIcon(record) : this.options.noImgIcon
});
} else {
if (!column.type
|| column.type === this.datagrid.types.STRING
|| column.type === this.datagrid.types.TITLE
) {
// escape cell-content only for string typed columns
content = this.sandbox.util.escapeHtml(content);
}

content = this.datagrid.processContentFilter(
column.attribute,
content,
@@ -31685,7 +31693,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
* @returns {String|Object} html or a dom object
*/
getEditableCellContent: function(content, columnName, type) {
type = !!type ? type : 'string';
type = !!type ? type : this.datagrid.types.STRING;
var options = !!this.options.editableOptions[columnName] ? this.options.editableOptions[columnName] : {};

return this.sandbox.util.template(templates.editableCellContent[type], {
@@ -31720,7 +31728,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
});
if (typeof content === 'object') {
this.sandbox.dom.append(content, iconStr);
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content += iconStr;
}
if (iconItem.actionIcon === true) {
@@ -31756,7 +31764,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
);
if (typeof content === 'object') {
this.sandbox.dom.prepend(content, badgeStr);
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content = badgeStr + content;
}
}
@@ -31785,7 +31793,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {

if (typeof content === 'object') {
$(content).wrap(['<span class="', cssClass, '" />'].join(''));
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content = ['<span class="', cssClass, '">', content, "</span>"].join('');
}
}
@@ -31879,7 +31887,7 @@ define('husky_components/datagrid/decorators/table-view',[],function() {
this.sandbox.dom.removeAttr($contentContainer, 'title');
this.tableCropped = false;
}
this.sandbox.dom.html($contentContainer, content);
this.sandbox.dom.text($contentContainer, content);
}
}.bind(this));
}.bind(this));
@@ -33505,6 +33513,7 @@ define('husky_components/datagrid/decorators/infinite-scroll-pagination',[],func
},

types = {
STRING: 'string',
DATE: 'date',
DATETIME: 'datetime',
THUMBNAILS: 'thumbnails',
@@ -34239,7 +34248,7 @@ define('husky_components/datagrid/decorators/infinite-scroll-pagination',[],func
var def = this.sandbox.data.deferred();

var matchings = this.options.matchings;
if (typeof(matchings) === 'string') {
if (typeof(matchings) === types.STRING) {
// Load matchings/fields from url
this.loading();
this.loadMatchings({
@@ -34305,7 +34314,7 @@ define('husky_components/datagrid/decorators/infinite-scroll-pagination',[],func
matchingObject.attribute = matching.name;
} else if (key === 'sortable') {
matchingObject.sortable = matching.sortable;
if (typeof matching.sortable === 'string') {
if (typeof matching.sortable === types.STRING) {
matchingObject.sortable = JSON.parse(matching.sortable);
}
} else {
@@ -34902,7 +34911,7 @@ define('husky_components/datagrid/decorators/infinite-scroll-pagination',[],func
// check if filter is function or string and call filter
if (typeof this.options.contentFilters[attributeName] === 'function') {
return this.options.contentFilters[attributeName].call(this, content, argument, recordId);
} else if (typeof this.options.contentFilters[attributeName] === 'string') {
} else if (typeof this.options.contentFilters[attributeName] === types.STRING) {
type = this.options.contentFilters[attributeName];
return this.manipulateContent(content, type, argument, attributeName);
}
2 changes: 1 addition & 1 deletion dist/husky.min.js

Large diffs are not rendered by default.

26 changes: 17 additions & 9 deletions husky_components/datagrid/decorators/table-view.js
@@ -487,7 +487,7 @@ define(function() {
this.sandbox.util.foreach(this.datagrid.matchings, function(column) {
$headerCell = this.sandbox.dom.createElement(templates.headerCell);

if (!!column.class && typeof column.class === 'string') {
if (!!column.class && typeof column.class === this.datagrid.types.STRING) {
this.sandbox.dom.addClass($headerCell, column.class);
}

@@ -743,14 +743,14 @@ define(function() {
if (!!this.options.selectItem && this.options.selectItem.inFirstCell === true && index === 0) {
this.sandbox.dom.attr($cell, 'colspan', 2);
selectItem = this.renderRowSelectItem(record.id, true);
if (typeof content === 'string') {
if (typeof content === this.datagrid.types.STRING) {
content = selectItem + content;
} else {
this.sandbox.dom.prepend(content, selectItem);
}
}

if (!!column.class && typeof column.class === 'string') {
if (!!column.class && typeof column.class === this.datagrid.types.STRING) {
this.sandbox.dom.addClass($cell, column.class);
}
if (column.type === this.datagrid.types.THUMBNAILS) {
@@ -788,7 +788,7 @@ define(function() {
* @returns {String|Object} the dom object for the cell content or html
*/
getCellContent: function(record, column, $cell) {
var content = this.sandbox.util.escapeHtml(record[column.attribute]);
var content = record[column.attribute];
if (!!column.type && column.type === this.datagrid.types.THUMBNAILS) {
content = this.datagrid.manipulateContent(content, column.type, this.options.thumbnailFormat);
content = this.sandbox.util.template(templates.img)({
@@ -798,6 +798,14 @@ define(function() {
this.options.noImgIcon(record) : this.options.noImgIcon
});
} else {
if (!column.type
|| column.type === this.datagrid.types.STRING
|| column.type === this.datagrid.types.TITLE
) {
// escape cell-content only for string typed columns
content = this.sandbox.util.escapeHtml(content);
}

content = this.datagrid.processContentFilter(
column.attribute,
content,
@@ -877,7 +885,7 @@ define(function() {
* @returns {String|Object} html or a dom object
*/
getEditableCellContent: function(content, columnName, type) {
type = !!type ? type : 'string';
type = !!type ? type : this.datagrid.types.STRING;
var options = !!this.options.editableOptions[columnName] ? this.options.editableOptions[columnName] : {};

return this.sandbox.util.template(templates.editableCellContent[type], {
@@ -912,7 +920,7 @@ define(function() {
});
if (typeof content === 'object') {
this.sandbox.dom.append(content, iconStr);
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content += iconStr;
}
if (iconItem.actionIcon === true) {
@@ -948,7 +956,7 @@ define(function() {
);
if (typeof content === 'object') {
this.sandbox.dom.prepend(content, badgeStr);
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content = badgeStr + content;
}
}
@@ -977,7 +985,7 @@ define(function() {

if (typeof content === 'object') {
$(content).wrap(['<span class="', cssClass, '" />'].join(''));
} else if (typeof content === 'string') {
} else if (typeof content === this.datagrid.types.STRING) {
content = ['<span class="', cssClass, '">', content, "</span>"].join('');
}
}
@@ -1071,7 +1079,7 @@ define(function() {
this.sandbox.dom.removeAttr($contentContainer, 'title');
this.tableCropped = false;
}
this.sandbox.dom.html($contentContainer, content);
this.sandbox.dom.text($contentContainer, content);
}
}.bind(this));
}.bind(this));
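Review bot: In getCellContent the new guard escapes the record value only when `column.type` is unset, `STRING` or `TITLE`, so a string value in a column of any other type now reaches `processContentFilter` unescaped, whereas the earlier line escaped every value. The row-rendering hunk builds `selectItem + content`, which suggests string content is later inserted as markup, so text stored under another column type would presumably be rendered as HTML. Keying the escape on the value rather than on the column type keeps the thumbnail fix and closes that gap: `if (typeof content === 'string') { content = this.sandbox.util.escapeHtml(content); }`; any column type that intentionally carries markup should then be exempted by name. `types.TITLE` is not among the enum entries visible in main.js on this page, so confirm it is defined; getCellContent's body continues outside the hunk.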
7 changes: 4 additions & 3 deletions husky_components/datagrid/main.js
@@ -94,6 +94,7 @@
},

types = {
STRING: 'string',
DATE: 'date',
DATETIME: 'datetime',
THUMBNAILS: 'thumbnails',
@@ -828,7 +829,7 @@
var def = this.sandbox.data.deferred();

var matchings = this.options.matchings;
if (typeof(matchings) === 'string') {
if (typeof(matchings) === types.STRING) {
// Load matchings/fields from url
this.loading();
this.loadMatchings({
@@ -894,7 +895,7 @@
matchingObject.attribute = matching.name;
} else if (key === 'sortable') {
matchingObject.sortable = matching.sortable;
if (typeof matching.sortable === 'string') {
if (typeof matching.sortable === types.STRING) {
matchingObject.sortable = JSON.parse(matching.sortable);
}
} else {
@@ -1491,7 +1492,7 @@
// check if filter is function or string and call filter
if (typeof this.options.contentFilters[attributeName] === 'function') {
return this.options.contentFilters[attributeName].call(this, content, argument, recordId);
} else if (typeof this.options.contentFilters[attributeName] === 'string') {
} else if (typeof this.options.contentFilters[attributeName] === types.STRING) {
type = this.options.contentFilters[attributeName];
return this.manipulateContent(content, type, argument, attributeName);
}
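Review bot: Comparing a `typeof` result with `types.STRING` (the `matchings`, `matching.sortable` and `contentFilters` checks) ties a language-level type test to the column-type enum, which this commit also uses as a column type in getCellContent. The two agree only while the enum value happens to be the literal `'string'`; changing the column-type name would silently turn each of these checks false, and in the `sortable` case skip the `JSON.parse`. I would keep the literal for the `typeof` tests, e.g. `if (typeof matchings === 'string') {`, and reserve `types.STRING` for comparisons against `column.type`. The same pattern appears in the table-view.js hunks through `this.datagrid.types.STRING`. All three enclosing functions start and end outside the hunks shown.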
