Opened 13 years ago
Closed 13 years ago
#9444 closed defect (fixed)
[Patch] Quotes in the summary have backslashes added
| Reported by: | Ryan J Ollos | Owned by: | Chris Nelson |
|---|---|---|---|
| Priority: | normal | Component: | TracJsGanttPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
If the summary contains quotes, backslashes are added. For example, this ticket has the summary Develop the "Freeze Display" feature of the system:
Attachments (1)
Change History (9)
Changed 13 years ago by
| Attachment: | SummaryWithQuotes.png added |
|---|
comment:1 follow-up: 2 Changed 13 years ago by
comment:2 Changed 13 years ago by
| Summary: | Quotes in the summary have backslashes added → [Patch] Quotes in the summary have backslashes added |
|---|
Replying to ChrisNelson:
Is this new behavior since the change to using
javascript_quote()?
Yeah, this is tested with r10837. The issue is that javascript_quote is being executed twice on the items that build up the name string. Here is a patch:
-
0.11/tracjsgantt/tracjsgantt.py
940 944 (ticket['id'], javascript_quote(ticket['summary']), 941 945 javascript_quote(ticket['status']), 942 946 javascript_quote(ticket['type'])) 943 task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], javascript_quote(name))947 task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], name) 944 948 945 949 # pStart, pEnd 946 950 task += '"%s",' % ticket['calc_start'].strftime(self.pyDateFormat)
A second way to fix it would be to just escape the name string after it is created, which might make it more obvious that the string being executed as javascript is properly escaped.
-
0.11/tracjsgantt/tracjsgantt.py
931 935 if ticket['type'] == self.milestoneType: 932 936 if ticket['id'] < self.firstMilestoneID: 933 937 # Put ID number on inchpebbles 934 name = 'MS:%s (#%s)' % ( javascript_quote(ticket['summary']), ticket['id'])938 name = 'MS:%s (#%s)' % (ticket['summary'], ticket['id']) 935 939 else: 936 940 # Don't show bogus ID of milestone pseudo tickets. 937 941 name = 'MS:%s' % ticket['summary'] 938 942 else: 939 943 name = "#%d:%s (%s %s)" % \ 940 (ticket['id'], javascript_quote(ticket['summary']), 941 javascript_quote(ticket['status']), 942 javascript_quote(ticket['type'])) 944 (ticket['id'], ticket['summary'], ticket['status'], ticket['type']) 943 945 task += 't = new JSGantt.TaskItem(%d,"%s",' % (ticket['id'], javascript_quote(name)) 944 946 945 947 # pStart, pEnd
If you go with the first patch, you'll probably also want to fix this missing javascript_quote call (which is fixed implicitly by the second patch):
-
0.11/tracjsgantt/tracjsgantt.py
934 938 name = 'MS:%s (#%s)' % (javascript_quote(ticket['summary']), ticket['id']) 935 939 else: 936 940 # Don't show bogus ID of milestone pseudo tickets. 937 name = 'MS:%s' % ticket['summary']941 name = 'MS:%s' % javascript_quote(ticket['summary']) 938 942 else: 939 943 name = "#%d:%s (%s %s)" % \ 940 944 (ticket['id'], javascript_quote(ticket['summary']),
comment:3 Changed 13 years ago by
| Owner: | changed from Chris Nelson to anonymous |
|---|---|
| Status: | new → assigned |
comment:4 Changed 13 years ago by
| Owner: | changed from anonymous to Chris Nelson |
|---|---|
| Status: | assigned → new |
comment:5 Changed 13 years ago by
comment:7 Changed 13 years ago by
| Status: | new → assigned |
|---|
comment:8 Changed 13 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I've tested at r10876 and I'm seeing that this issue is resolved.
Is this new behavior since the change to using
javascript_quote()?