[MAGNOLIA-3721] Dialog multiselect does not escape single quotes Created: 01/Jun/11  Updated: 16/Aug/11  Resolved: 26/Jul/11

Status: Closed
Project: Magnolia
Component/s: gui
Affects Version/s: 4.4.3
Fix Version/s: 4.4.5

Type: Bug Priority: Neutral
Reporter: Vincent Gombert Assignee: Daniel Lipp
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Using dialog multiselect to manage a list of labels (no choose button) will fail if a label contains a single quote (') as it is not escaped in JSON string.

Fixing this bug seems simple : just escape single quotes in method getJSON() of class DialogMultiSelect
Line 199:

value = value.replaceAll("\\'", "\\\\\\'");



 Comments   
Comment by Magnolia International [ 07/Jun/11 ]

Hey Vincent,

Thanks for the report! tentatively scheduling this for the next bugfix release.

While reviewing the patch, can someone check if there's a more generic fix for this problem (i.e are there other chars that might need escaping?)

Comment by Daniel Lipp [ 26/Jul/11 ]

As it was confirmed that we'd need to escape all for JavaScript I used:

    org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(value)
Generated at Mon Feb 12 03:49:03 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.