Edgewall Software

Opened 10 years ago

Closed 9 years ago

#8663 closed defect (fixed)

Javascript in Query page doesn't work if a component name has double-quotes in it

Reported by: trac.edgewall.org@… Owned by: Remy Blank
Priority: normal Milestone: 0.12.1
Component: report system Version: 0.11
Severity: normal Keywords: javascript json
Cc: Branch:
Release Notes:
API Changes:


I had a component name that had double quotes in it, i.e. it was called:

M3 - Stable "Release" with License detection

it made the Javascript on the Query page fail with the following error:

Error: missing ] after element list
Source File: https://myserver/trac/query
Line: 310, Column: 26
Source Code:
            "M3 - Stable "Release" with License detection", 

The javascript generated was indeed:

      <script type="text/javascript">
        var properties={
          status: { type: "radio", label: "Status"
          , options: [
          milestone: { type: "select", label: "Milestone"
          , options: [
            "M1 - The awakening",
            "M1.5 - Complete demo",
            "M2 - Walking with a stick",
            "M3 - Stable "Release" with License detection",
            "M4 - Better matching, and better usability",
            "M5 - File type, license detection, maven",

Note how the Javascript is incorrect.

The result of that, is that the javascript for "add filter" would not work. It would "gracefully fail", i.e. the add_filter woud work, but the page would reload everytime I would want to change the filter. Very slow, because it would reload all the tickets, thus barely usable.

This "graceful failure" was very nice, except… that because of it, it took me a *long time* to realize that I had lost a great feature: when it started occuring (when I named my milestone), I didn't realize immediately that it had broken the query page !

Maybe a less "graceful" failure would have been better in this case ?

Anyhow, the fix is simply to escape the quotes in the template. I'm not familiar enough with Genshi to fix it, but I suppose the fix is around this line in trac/tickets/templates/query.html:

          <py:if test="'options' in field">, options: [
            <py:for each="option, sep in separated(field.options)">"$option"$sep

Attachments (0)

Change History (6)

comment:1 by anonymous, 10 years ago

Resolution: invalid
Status: newclosed

Actually, this problem has been fixed already; the javascript is now escaped:

	        <py:for each="(field_name, field), sep in separated(fields.iteritems())">
	          $field_name: { type: "${javascript_quote(field.type)}", label: "${javascript_quote(field.label)}"
	          <py:if test="'options' in field">, options: [
	            <py:for each="option, sep in separated(field.options)">"${javascript_quote(option)}"$sep

I'm marking it as invalid.

comment:2 by Christian Boos, 10 years ago

Resolution: invalid
Status: closedreopened

comment:3 by Christian Boos, 10 years ago

Keywords: javascript json added
Milestone: 0.13

The proper resolution would have be worksforme, as we prefer to use invalid for tickets which are real garbage (test tickets or tickets addressing the wrong Trac).

In this case, you point to a part of the code which I never really liked, I think we shouldn't use Genshi for generating Javascript data piecewise, as it's very error prone and I wouldn't be surprised there could be other issues.

I think we actually need a to_json() utility function, in either trac.util.text or trac.util.presentation, which can be used inside templates for situations like that, but could also be very useful for responding to some XHRs.

Remy feel free to retarget to 0.12 if you feel this could complement #7111 ;-)

in reply to:  3 comment:4 by Remy Blank, 10 years ago

Replying to cboos:

Remy feel free to retarget to 0.12 if you feel this could complement #7111 ;-)

I'm done with the rewrite in #7111, but I need some more testing before committing.

comment:5 by Remy Blank, 9 years ago

Milestone: next-major-0.1X0.13
Owner: set to Remy Blank
Status: reopenednew

We now have to_json() and even add_script_data(), which will come in handy here.

comment:6 by Remy Blank, 9 years ago

Resolution: fixed
Status: newclosed

Migrated to add_script_data() in [9958].

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Remy Blank.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from Remy Blank to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.