proxmox-mirrors/proxmox-widget-toolkit
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox-widget-toolkit synced 2025-07-22 12:47:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

apt: add missing htmlEncode to qtip

Browse Source 
to avoid interpreting html tags in the values.

When setting a tooltip via the `data-qtip` attribute, the contents
needs to be double-encoded. Ext.js internally uses `innerHTML` to
apply the generated HTML, which undoes one layer of encoding in case
of `data-qtip`.

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
This commit is contained in:
Friedrich Weber 2025-01-15 14:49:38 +01:00 committed by Fabian Grünbichler
parent 9d5d6a7815
commit f26346a597
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/node/APTRepositories.js
View File

@ -270,7 +270,7 @@ Ext.define('Proxmox.node.APTRepositoriesGrid', {
let txt = [gettext('Warning')]; let txt = [gettext('Warning')];
record.data.warnings.forEach((warning) => { record.data.warnings.forEach((warning) => {
if (warning.property === 'Suites') { if (warning.property === 'Suites') {
txt.push(warning.message); txt.push(Ext.htmlEncode(warning.message));
} }
}); });
metaData.tdAttr = `data-qtip="${Ext.htmlEncode(txt.join('<br>'))}"`; metaData.tdAttr = `data-qtip="${Ext.htmlEncode(txt.join('<br>'))}"`;
@ -305,7 +305,7 @@ Ext.define('Proxmox.node.APTRepositoriesGrid', {
? gettext('The no-subscription repository is NOT production-ready') ? gettext('The no-subscription repository is NOT production-ready')
: gettext('The test repository may contain unstable updates') : gettext('The test repository may contain unstable updates')
; ;
metaData.tdAttr = `data-qtip="${Ext.htmlEncode(qtip)}"`; metaData.tdAttr = `data-qtip="${Ext.htmlEncode(Ext.htmlEncode(qtip))}"`;
} }
} }
return components.join(' ') + err; return components.join(' ') + err;