Defect #30758: Preview URL in Wiki Toolbar should be escaped - Redmine

Actions

Copy link

Defect #30758

closed

Preview URL in Wiki Toolbar should be escaped

Added by Vincent Robert almost 6 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Go MAEDA

Category:

Wiki

Target version:

4.0.2

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Fixed

Affected version:

4.0.1

Description

Since Redmine 4.0.0 and the addition of the preview tab, the wiki toolbar is not displayed if the preview url contains single quotes. The url is not escaped and we can see an error in our browser console.
We should escape the preview url:

diff --git a/lib/redmine/wiki_formatting/markdown/helper.rb b/lib/redmine/wiki_formatting/markdown/helper.rb
index fac2f8bf3..fb9f1a939 100644
--- a/lib/redmine/wiki_formatting/markdown/helper.rb
+++ b/lib/redmine/wiki_formatting/markdown/helper.rb
@@ -22,7 +22,7 @@ module Redmine
         def wikitoolbar_for(field_id, preview_url = preview_text_path)
           heads_for_wiki_formatter
           url = "#{Redmine::Utils.relative_url_root}/help/#{current_language.to_s.downcase}/wiki_syntax_markdown.html" 
-          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{preview_url}'); wikiToolbar.draw();")
+          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{escape_javascript preview_url}'); wikiToolbar.draw();")
         end

         def initial_page_content(page)
diff --git a/lib/redmine/wiki_formatting/textile/helper.rb b/lib/redmine/wiki_formatting/textile/helper.rb
index 6e8ba9812..e536a29dc 100644
--- a/lib/redmine/wiki_formatting/textile/helper.rb
+++ b/lib/redmine/wiki_formatting/textile/helper.rb
@@ -23,7 +23,7 @@ module Redmine
           heads_for_wiki_formatter
           # Is there a simple way to link to a public resource?
           url = "#{Redmine::Utils.relative_url_root}/help/#{current_language.to_s.downcase}/wiki_syntax_textile.html" 
-          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{preview_url}'); wikiToolbar.draw();")
+          javascript_tag("var wikiToolbar = new jsToolBar(document.getElementById('#{field_id}')); wikiToolbar.setHelpLink('#{escape_javascript url}'); wikiToolbar.setPreviewUrl('#{escape_javascript preview_url}'); wikiToolbar.draw();")
         end

         def initial_page_content(page)

Files

Download all files

escape_preview_url.diff (1.99 KB) escape_preview_url.diff		Vincent Robert, 2019-02-06 19:10
screenshot.png (207 KB) screenshot.png		Vincent Robert, 2019-02-07 08:18

Related issues

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #30758

Preview URL in Wiki Toolbar should be escaped

Updated by Go MAEDA almost 6 years ago

Updated by Vincent Robert almost 6 years ago

Updated by Go MAEDA almost 6 years ago

Updated by Vincent Robert almost 6 years ago

Updated by Go MAEDA almost 6 years ago

Updated by Go MAEDA almost 6 years ago

Updated by Go MAEDA almost 6 years ago

Updated by Vincent Robert almost 6 years ago

Updated by Marius BĂLTEANU almost 6 years ago

Updated by Marius BĂLTEANU over 5 years ago