Univention Bugzilla – Bug 35324
Double escape of HTML for app's name and description
Last modified: 2016-03-02 13:25:50 CET
Characters used in an app's name or version are correctly escaped by python. Unfortunately, these are escaped again by the AppCenterGalleryPane. The put-selector escapes automatically with no option to disable it. But we need the escaping both in frontend and backend for UCR variables, XML files, title attributes, etc. So this has to be fixed in AppCenterGalleryPane's renderRow. Note that modules in "Installed Modules" are escaped correctly - the backend sends unescaped module definitions in modules/list
I meant "app's name or description" not "app's name or version"
This now also holds for Maintainer / Vendor in the 4.1 overview
Ticket#2015121821000314
Bug #39814 maybe a duplicate to this one.
*** Bug 39814 has been marked as a duplicate of this bug. ***
The values aren't encoded in the backend anymore. All escaping has been moved to the frontend. univention-appcenter (5.0.20-6): r67667 | Bug #35324: Fix HTML encoding univention-appcenter.yaml: r67668 | YAML Bug #35324
The following attributes are not escaped in DetailsPage: Name (Module headline (thick line) and Module title (Tab line), although the latter one is probably a UMC problem) Version If Description is empty (None), ucr commit /usr/share/univention-management-console/modules/apps.xml traces: File: /usr/share/univention-management-console/modules/apps.xml Traceback (most recent call last): File "<stdin>", line 32, in <module> File "/usr/lib/python2.7/cgi.py", line 1035, in escape s = s.replace("&", "&") # Must be done first! AttributeError: 'NoneType' object has no attribute 'replace'
(In reply to Dirk Wiesenthal from comment #7) > The following attributes are not escaped in DetailsPage: > Name (Module headline (thick line) and Module title (Tab line), although > the latter one is probably a UMC problem) > Version Fixed. It's btw not DetailsPage but AppDetailsPage! > If Description is empty (None), ucr commit > /usr/share/univention-management-console/modules/apps.xml traces: > File: /usr/share/univention-management-console/modules/apps.xml > Traceback (most recent call last): > File "<stdin>", line 32, in <module> > File "/usr/lib/python2.7/cgi.py", line 1035, in escape > s = s.replace("&", "&") # Must be done first! > AttributeError: 'NoneType' object has no attribute 'replace' Yes, i added a "or ''" for each item.
OK: Works OK: YAML
<http://errata.software-univention.de/ucs/4.1/123.html>