Opened 15 years ago
Closed 14 years ago
#8663 closed defect (fixed)
Javascript in Query page doesn't work if a component name has double-quotes in it
| Reported by: | Owned by: | Remy Blank | |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.1 |
| Component: | report system | Version: | 0.11 |
| Severity: | normal | Keywords: | javascript json |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
I had a component name that had double quotes in it, i.e. it was called:
M3 - Stable "Release" with License detection
it made the Javascript on the Query page fail with the following error:
Error: missing ] after element list
Source File: https://myserver/trac/query
Line: 310, Column: 26
Source Code:
"M3 - Stable "Release" with License detection",
The javascript generated was indeed:
<script type="text/javascript">
var properties={
status: { type: "radio", label: "Status"
, options: [
"assigned",
"closed",
"new",
"reopened",
"review"
]
},
(...)
milestone: { type: "select", label: "Milestone"
, options: [
"M1 - The awakening",
"M1.5 - Complete demo",
"M2 - Walking with a stick",
"M3 - Stable "Release" with License detection",
"M4 - Better matching, and better usability",
"M5 - File type, license detection, maven",
(...)
Note how the Javascript is incorrect.
The result of that, is that the javascript for "add filter" would not work. It would "gracefully fail", i.e. the add_filter woud work, but the page would reload everytime I would want to change the filter. Very slow, because it would reload all the tickets, thus barely usable.
This "graceful failure" was very nice, except… that because of it, it took me a *long time* to realize that I had lost a great feature: when it started occuring (when I named my milestone), I didn't realize immediately that it had broken the query page !
Maybe a less "graceful" failure would have been better in this case ?
Anyhow, the fix is simply to escape the quotes in the template. I'm not familiar enough with Genshi to fix it, but I suppose the fix is around this line in trac/tickets/templates/query.html:
<py:if test="'options' in field">, options: [
<py:for each="option, sep in separated(field.options)">"$option"$sep
</py:for>]
Attachments (0)
Change History (6)
comment:1 by , 15 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 by , 15 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
follow-up: 4 comment:3 by , 15 years ago
| Keywords: | javascript json added |
|---|---|
| Milestone: | → 0.13 |
The proper resolution would have be worksforme, as we prefer to use invalid for tickets which are real garbage (test tickets or tickets addressing the wrong Trac).
In this case, you point to a part of the code which I never really liked, I think we shouldn't use Genshi for generating Javascript data piecewise, as it's very error prone and I wouldn't be surprised there could be other issues.
I think we actually need a to_json() utility function, in either trac.util.text or trac.util.presentation, which can be used inside templates for situations like that, but could also be very useful for responding to some XHRs.
Remy feel free to retarget to 0.12 if you feel this could complement #7111 ;-)
comment:4 by , 15 years ago
comment:5 by , 14 years ago
| Milestone: | next-major-0.1X → 0.13 |
|---|---|
| Owner: | set to |
| Status: | reopened → new |
We now have to_json() and even add_script_data(), which will come in handy here.
comment:6 by , 14 years ago
| Milestone: | 0.13 → 0.12.1 |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Migrated to add_script_data() in [9958].
Actually, this problem has been fixed already; the javascript is now escaped:
<py:for each="(field_name, field), sep in separated(fields.iteritems())"> $field_name: { type: "${javascript_quote(field.type)}", label: "${javascript_quote(field.label)}" <py:if test="'options' in field">, options: [ <py:for each="option, sep in separated(field.options)">"${javascript_quote(option)}"$sep </py:for>]I'm marking it as invalid.