[Admin] escape values on UI (#13129)
* [Admin] Escape values on UI - Properties

* [Admin] Escape values on UI - Notifications

* [Admin] Escape values on UI - Notifications
dvesh3 committed Sep 13, 2022
1 parent 2675fa3 commit 0508c49
Showing 3 changed files with 7 additions and 6 deletions.
Expand Up @@ -439,7 +439,7 @@ pimcore.element.properties = Class.create({

getTypeRenderer: function (value, metaData, record, rowIndex, colIndex, store) {

return '<div class="pimcore_icon_' + value + '" name="' + record.data.name + '">&nbsp;</div>';
return '<div class="pimcore_icon_' + value + '" name="' + Ext.util.Format.htmlEncode(record.data.name) + '">&nbsp;</div>';
},

getCellRenderer: function (value, metaData, record, rowIndex, colIndex, store) {
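Review bot: In getTypeRenderer, `value` is still concatenated unencoded into the `class` attribute, so only the `name` half of the returned markup is escaped. Unless the property type is restricted to a fixed set elsewhere (not visible here), encode it too: `'<div class="pimcore_icon_' + Ext.util.Format.htmlEncode(value) + '" name="' + Ext.util.Format.htmlEncode(record.data.name) + '">&nbsp;</div>'`. The same pattern remains in the notification helper, where `iconCls: 'pimcore_icon_' + row.type` and `iconCls: 'pimcore_icon_' + type` are built from notification fields. How Ext writes iconCls into the DOM is not visible from these hunks, so checking the type against a list of known values would be the safer guard there.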
Expand Up @@ -76,8 +76,8 @@ pimcore.notification.helper.showNotifications = function (notifications) {
});
var notification = Ext.create('Ext.window.Toast', {
iconCls: 'pimcore_icon_' + row.type,
title: row.title,
html: row.message,
title: Ext.util.Format.htmlEncode(row.title),
html: Ext.util.Format.htmlEncode(row.message),
autoShow: true,
width: 400,
height: 150,
Expand Down Expand Up @@ -136,8 +136,8 @@ pimcore.notification.helper.openDetailsWindow = function (id, title, message, ty
var notification = new Ext.Window({
modal: true,
iconCls: 'pimcore_icon_' + type,
title: title,
html: message,
title: Ext.util.Format.htmlEncode(title),
html: Ext.util.Format.htmlEncode(message),
autoShow: true,
width: 700,
height: 350,
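Review bot: Encoding `title` and `message` at the sink in showNotifications and openDetailsWindow changes their contract from markup to plain text, and neither function documents that. A notification whose message contains intentional formatting (line breaks, links) will now show the tags literally, and a caller that already encodes its input would produce double-encoded output; whether such callers exist is not visible here. I would add a comment above both window configs, for example `// title/message are untrusted notification fields: always rendered as text, never as markup`. Both functions start and end outside the hunks.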
Expand Up @@ -79,13 +79,14 @@ pimcore.notification.panel = Class.create({
dataIndex: 'title',
renderer: function (val, metaData, record, rowIndex, colIndex, store) {
var read = parseInt(store.getAt(rowIndex).get("read"));
val = Ext.util.Format.htmlEncode(val);
if (read == 0) {
return '<strong style="font-weight: bold;">' + val + '</strong>'; // css style need to be added
}
return val;
}
},
{header: t("sender"), flex: 2, sortable: false, dataIndex: 'sender'},
{header: t("sender"), flex: 2, sortable: false, dataIndex: 'sender', renderer: Ext.util.Format.htmlEncode},
{header: t("date"), flex: 3, sortable: true, filter: 'date', dataIndex: 'date'},
{
header: t("attachment"),
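Review bot: The `date` column directly after the new `sender` renderer still has no renderer, and the `attachment` column's definition continues outside the hunk, so escaping in this grid is per column and easy to miss. If either value can carry user-controlled strings (not visible from this hunk), give it the same treatment, e.g. `renderer: Ext.util.Format.htmlEncode` on the date column. A short comment on the column list, such as `// grid cells are inserted as HTML; every column showing notification data needs an encoding renderer`, would keep later columns from regressing.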
