Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removes double escaping in siteselector tooltip #16073

Merged
merged 1 commit into from Jul 5, 2020
Merged

Removes double escaping in siteselector tooltip #16073

merged 1 commit into from Jul 5, 2020

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Jun 16, 2020

checked with website titles like <b>test</b> or {{CONSTRUCTOR.CONSTRUCTOR("_X()")()}} if removing the escape opens up some html or angular execution, but seems the content is still encoded once.

fixes #16072

@sgiehl sgiehl added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Jun 16, 2020
@sgiehl sgiehl added this to the 4.0.0 milestone Jun 16, 2020
@tsteur tsteur modified the milestones: 4.0.0, 4.0.0 RC Jun 16, 2020
mattab
mattab reviewed Jun 16, 2020
View reviewed changes
plugins/CoreHome/angularjs/siteselector/siteselector.directive.html
@@ -16,7 +16,7 @@
<a ng-click="view.showSitesList=!view.showSitesList; view.showSitesList && !model.isLoading && model.loadInitialSites();"
piwik-onenter="view.showSitesList=!view.showSitesList; view.showSitesList && !model.isLoading && model.loadInitialSites();"
href="javascript:void(0)"
title="{{ 'CoreHome_ChangeCurrentWebsite'|translate:((selectedSite.name || model.firstSiteName)|escape) }}"
title="{{ 'CoreHome_ChangeCurrentWebsite'|translate:((selectedSite.name || model.firstSiteName)) }}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about using |e('html') for the html attribute?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can't use that in an attribute

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also btw this is angular not twig

@diosmosis diosmosis merged commit 4161571 into 4.x-dev Jul 5, 2020
@diosmosis diosmosis deleted the doubleescape branch July 5, 2020 19:47
@mattab mattab modified the milestones: 4.0.0-RC, 4.0.0 Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur left review comments

@mattab mattab mattab left review comments

Assignees
No one assigned
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

The display problem of piwik-siteselector in asia language environment
4 participants
@sgiehl @tsteur @mattab @diosmosis