Modify

Opened 3 years ago

Closed 3 years ago

#9444 closed defect (fixed)

[Patch] Quotes in the summary have backslashes added

Reported by: rjollos Owned by: ChrisNelson
Priority: normal Component: TracJsGanttPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

If the summary contains quotes, backslashes are added. For example, this ticket has the summary Develop the "Freeze Display" feature of the system:


Attachments (1)

SummaryWithQuotes.png (10.0 KB) - added by rjollos 3 years ago.

Download all attachments as: .zip

Change History (9)

Changed 3 years ago by rjollos

comment:1 follow-up: Changed 3 years ago by ChrisNelson

Is this new behavior since the change to using javascript_quote()?

comment:2 in reply to: ↑ 1 Changed 3 years ago by rjollos

  • Summary changed from Quotes in the summary have backslashes added to [Patch] Quotes in the summary have backslashes added

Replying to ChrisNelson:

Is this new behavior since the change to using javascript_quote()?

Yeah, this is tested with r10837. The issue is that javascript_quote is being executed twice on the items that build up the name string. Here is a patch:

  • 0.11/tracjsgantt/tracjsgantt.py

     
    940944                   (ticket['id'], javascript_quote(ticket['summary']), 
    941945                    javascript_quote(ticket['status']), 
    942946                    javascript_quote(ticket['type'])) 
    943         task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], javascript_quote(name)) 
     947        task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], name) 
    944948 
    945949        # pStart, pEnd 
    946950        task += '"%s",' % ticket['calc_start'].strftime(self.pyDateFormat) 

A second way to fix it would be to just escape the name string after it is created, which might make it more obvious that the string being executed as javascript is properly escaped.

  • 0.11/tracjsgantt/tracjsgantt.py

     
    931935        if ticket['type'] == self.milestoneType: 
    932936            if ticket['id'] < self.firstMilestoneID: 
    933937                # Put ID number on inchpebbles 
    934                 name = 'MS:%s (#%s)' % (javascript_quote(ticket['summary']), ticket['id']) 
     938                name = 'MS:%s (#%s)' % (ticket['summary'], ticket['id']) 
    935939            else: 
    936940                # Don't show bogus ID of milestone pseudo tickets. 
    937941                name = 'MS:%s' % ticket['summary'] 
    938942        else: 
    939943            name = "#%d:%s (%s %s)" % \ 
    940                    (ticket['id'], javascript_quote(ticket['summary']), 
    941                     javascript_quote(ticket['status']), 
    942                     javascript_quote(ticket['type'])) 
     944                   (ticket['id'], ticket['summary'], ticket['status'],  ticket['type']) 
    943945        task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], javascript_quote(name)) 
    944946 
    945947        # pStart, pEnd 

If you go with the first patch, you'll probably also want to fix this missing javascript_quote call (which is fixed implicitly by the second patch):

  • 0.11/tracjsgantt/tracjsgantt.py

     
    934938                name = 'MS:%s (#%s)' % (javascript_quote(ticket['summary']), ticket['id']) 
    935939            else: 
    936940                # Don't show bogus ID of milestone pseudo tickets. 
    937                 name = 'MS:%s' % ticket['summary'] 
     941                name = 'MS:%s' % javascript_quote(ticket['summary']) 
    938942        else: 
    939943            name = "#%d:%s (%s %s)" % \ 
    940944                   (ticket['id'], javascript_quote(ticket['summary']), 

comment:3 Changed 3 years ago by anonymous

  • Owner changed from ChrisNelson to anonymous
  • Status changed from new to assigned

comment:4 Changed 3 years ago by ChrisNelson

  • Owner changed from anonymous to ChrisNelson
  • Status changed from assigned to new

comment:5 Changed 3 years ago by ChrisNelson

(In [10860]) Only protect strings once. Refs #9444.

The parts of the task name were processed with javascript_quote() then
the name was processed, too. This resulted in things like '\"' showing
up in the chart if there were quotes in tickets summaries.

comment:6 Changed 3 years ago by ChrisNelson

(In [10861]) Minor white space clean up. Refs #9444.

comment:7 Changed 3 years ago by ChrisNelson

  • Status changed from new to assigned

comment:8 Changed 3 years ago by rjollos

  • Resolution set to fixed
  • Status changed from assigned to closed

I've tested at r10876 and I'm seeing that this issue is resolved.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from ChrisNelson. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.