Univention Bugzilla – Bug 53412
AppCenter UMC: data-dojo-props are not escaped
Last modified: 2021-06-23 15:55:43 CEST
This is a problem for all occurrences with variables. Example: <div class="umcAppSidebarButton ucsPrimaryButton" data-dojo-type="umc/widgets/Button" data-dojo-attach-event="click:_onClick" data-dojo-props=" name: 'installations', label: '\${buttonLabel}' " > Here, buttonLabel may not include a single quote. This is not the case in German and English. But it may for French. We should double check all data-dojo-props. We used it extensively in the App Center, but better check in all of UMC. One fix would be to remove the declarative part with data-dojo-type and replace it with data-dojo-attach-node. From there, we can add Dijits programatically, where escaping is done by Dojo. +++ This bug was initially created as a clone of Bug #53384 +++ AppCenter UMC: AppCenter breaks for apps with single quote in name (Let's Encrypt) If apps contain a single quote in their name the appcenter javascript breaks. How to reproduce: activate the test appcenter Open the Let's Encrypt app I attached a temporary fix which fixes single quotes but breaks double quotes...
The problem was with using string interpolation in data-dojo-props. If the var contained an apostrophe then the syntax is broken. The fix uses references instead. fc5f3882b8 Bug #53412: yaml 2f20b3121f Bug #53412: yaml 0ba0ab0cec Bug #53412: debian changelog 73a99855a4 Bug #53412: use vars in data-dojo-props Successful build Package: univention-appcenter Version: 9.0.2-51A~5.0.0.202106171210 Branch: ucs_5.0-0 Scope: errata5.0-0
Created attachment 10751 [details] French App Center Works with French translations
App Center: OK with French Code: OK, no more ${variables} in props in ucs.git YAML: OK
<https://errata.software-univention.de/#/?erratum=5.0x28>