Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX Avoid double escaping values when printing a gridfield #11598

Merged
merged 1 commit into from
Feb 11, 2025
Merged

FIX Avoid double escaping values when printing a gridfield #11598

merged 1 commit into from
Feb 11, 2025

Conversation

GuySartorelli
Copy link
Member

@GuySartorelli GuySartorelli commented Feb 9, 2025
edited
Loading

See #11596 (comment) for some more background on this PR.

The tests speak volumes here. Raw strings, DBHTML* instances and DBText all gave different results and had to have some special handling in the code here. If anything looks weird in the code, the reason is probably "without that, the test fails". Failures were either double escaping or new XSS vectors, both of which this PR now avoids.

Issue

#11596

@GuySartorelli GuySartorelli force-pushed the pulls/5/gridfield-print-escaping branch from 90627a1 to 5c2a259 Compare February 9, 2025 23:24
@GuySartorelli GuySartorelli mentioned this pull request Feb 9, 2025
Closed
2 tasks
@GuySartorelli GuySartorelli force-pushed the pulls/5/gridfield-print-escaping branch from 5c2a259 to b8d7202 Compare February 9, 2025 23:27
emteknetnz
emteknetnz requested changes Feb 11, 2025
View reviewed changes
@GuySartorelli GuySartorelli force-pushed the pulls/5/gridfield-print-escaping branch from b8d7202 to 5a5b190 Compare February 11, 2025 00:34
emteknetnz
emteknetnz requested changes Feb 11, 2025
View reviewed changes
Copy link
Member

@emteknetnz emteknetnz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing locally it does not appear to work, it behaves no differently from 5.x-dev i.e. the "Type" column is still html encoded - I have double checked I have the latest PR hash

image

@GuySartorelli
Copy link
Member Author

See silverstripe/silverstripe-elemental#1314 (comment) - both PRs are needed. That one deals with the narrow scope of that report, where this one deals with the wider scope of reports in general.

@emteknetnz emteknetnz merged commit 61a384d into silverstripe:5 Feb 11, 2025
17 checks passed
@emteknetnz emteknetnz deleted the pulls/5/gridfield-print-escaping branch February 11, 2025 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emteknetnz emteknetnz emteknetnz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GuySartorelli @emteknetnz