[BUGFIX] Properly encode text in JS in install tool 86/54586/4
authorSusanne Moog <susanne.moog@typo3.com>
Wed, 8 Nov 2017 14:30:11 +0000 (15:30 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Wed, 8 Nov 2017 21:20:57 +0000 (22:20 +0100)
Several times the install tool was using html()
instead of text(). Use text() whenever possible.

Resolves: #82949
Releases: master
Change-Id: I9a199d33f233a3b6c6b82965d4bc169999a3452a
Reviewed-on: https://review.typo3.org/54586
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/install/Resources/Public/JavaScript/Modules/CoreUpdate.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/DatabaseAnalyzer.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/ExtensionScanner.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/FlashMessage.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/InfoBox.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/ProgressBar.js
typo3/sysext/install/Resources/Public/JavaScript/Modules/UpgradeWizards.js

index ec59a51..d08bd43 100644 (file)
@@ -244,7 +244,7 @@ define([
                                domButton.find('button').data('action', action);
                        }
                        if (title) {
-                               domButton.find('button').html(title);
+                               domButton.find('button').text(title);
                        }
                        $(this.selectorOutput).append(domButton);
                },
index 599d0e1..9b8dd87 100644 (file)
@@ -102,13 +102,13 @@ define([
                                                                                aLine.find('.t3js-databaseAnalyzer-suggestion-line-checkbox').attr('checked', 'checked');
                                                                        }
                                                                        aLine.find('.t3js-databaseAnalyzer-suggestion-line-label').attr('for', 't3-install-db-' + hash);
-                                                                       aLine.find('.t3js-databaseAnalyzer-suggestion-line-statement').html(line.statement);
+                                                                       aLine.find('.t3js-databaseAnalyzer-suggestion-line-statement').text(line.statement);
                                                                        if (line.current !== undefined) {
-                                                                               aLine.find('.t3js-databaseAnalyzer-suggestion-line-current-value').html(line.current);
+                                                                               aLine.find('.t3js-databaseAnalyzer-suggestion-line-current-value').text(line.current);
                                                                                aLine.find('.t3js-databaseAnalyzer-suggestion-line-current').show();
                                                                        }
                                                                        if (line.rowCount !== undefined) {
-                                                                               aLine.find('.t3js-databaseAnalyzer-suggestion-line-count-value').html(line.rowCount);
+                                                                               aLine.find('.t3js-databaseAnalyzer-suggestion-line-count-value').text(line.rowCount);
                                                                                aLine.find('.t3js-databaseAnalyzer-suggestion-line-count').show();
                                                                        }
                                                                        aBlock.find('.t3js-databaseAnalyzer-suggestion-block-line').append(aLine);
index bb2f4eb..55d81c2 100644 (file)
@@ -219,8 +219,8 @@ define(['jquery',
                                                                                                var aMatch = $(hitTemplate).clone();
                                                                                                aMatch.find('.t3js-extensionScanner-hit-file-panel-head').attr('href', '#collapse' + match.uniqueId);
                                                                                                aMatch.find('.t3js-extensionScanner-hit-file-panel-body').attr('id', 'collapse' + match.uniqueId);
-                                                                                               aMatch.find('.t3js-extensionScanner-hit-filename').html(file);
-                                                                                               aMatch.find('.t3js-extensionScanner-hit-message').html(match.message);
+                                                                                               aMatch.find('.t3js-extensionScanner-hit-filename').text(file);
+                                                                                               aMatch.find('.t3js-extensionScanner-hit-message').text(match.message);
                                                                                                if (match.indicator === 'strong') {
                                                                                                        aMatch.find('.t3js-extensionScanner-hit-file-panel-head .badges')
                                                                                                                .append('<span class="badge" title="Reliable match, false positive unlikely">strong</span>');
@@ -241,8 +241,8 @@ define(['jquery',
                                                                                                                aRest.find('.t3js-extensionScanner-hit-rest-panel-head').attr('href', '#collapse' + restFile.uniqueId);
                                                                                                                aRest.find('.t3js-extensionScanner-hit-rest-panel-head .badge').empty().text(restFile.version);
                                                                                                                aRest.find('.t3js-extensionScanner-hit-rest-panel-body').attr('id', 'collapse' + restFile.uniqueId);
-                                                                                                               aRest.find('.t3js-extensionScanner-hit-rest-headline').html(restFile.headline);
-                                                                                                               aRest.find('.t3js-extensionScanner-hit-rest-body').html(restFile.content);
+                                                                                                               aRest.find('.t3js-extensionScanner-hit-rest-headline').text(restFile.headline);
+                                                                                                               aRest.find('.t3js-extensionScanner-hit-rest-body').text(restFile.content);
                                                                                                                aRest.addClass('panel-' + restFile.class);
                                                                                                                aMatch.find('.t3js-extensionScanner-hit-file-rest-container').append(aRest);
                                                                                                                self.listOfAffectedRestFileHashes.push(restFile.file_hash);
index 333ec33..8554df5 100644 (file)
@@ -35,10 +35,10 @@ define(['jquery', 'TYPO3/CMS/Install/Severity'], function ($, Severity) {
                var flashMessage = this.template.clone();
                flashMessage.addClass('alert-' + Severity.getCssClass(severity));
                if (title) {
-                       flashMessage.find('h4').html(title);
+                       flashMessage.find('h4').text(title);
                }
                if (message) {
-                       flashMessage.find('.messageText').html(message);
+                       flashMessage.find('.messageText').text(message);
                } else {
                        flashMessage.find('.messageText').remove();
                }
index 30d4562..2927813 100644 (file)
@@ -35,10 +35,10 @@ define(['jquery', 'TYPO3/CMS/Install/Severity'], function ($, Severity) {
                var infoBox = this.template.clone();
                infoBox.addClass('callout-' + Severity.getCssClass(severity));
                if (title) {
-                       infoBox.find('h4').html(title);
+                       infoBox.find('h4').text(title);
                }
                if (message) {
-                       infoBox.find('.callout-body').html(message);
+                       infoBox.find('.callout-body').text(message);
                } else {
                        infoBox.find('.callout-body').remove();
                }
index 77425f3..b44effa 100644 (file)
@@ -39,7 +39,7 @@ define(['jquery', 'TYPO3/CMS/Install/Severity'], function ($, Severity) {
                        progressBar.attr('aria-valuenow',progresss);
                }
                if (title) {
-                       progressBar.find('.sr-only').html(title);
+                       progressBar.find('.sr-only').text(title);
                }
                return progressBar;
        };
index ab0d4e2..73f19e1 100644 (file)
@@ -273,7 +273,7 @@ function($, Router, FlashMessage, ProgressBar, InfoBox, Severity) {
                                                                        numberOfWizardsTodo = numberOfWizardsTodo +1;
                                                                        aRow.removeClass('t3js-upgradeWizards-list-row-template');
                                                                        aRow.find(self.selectorWizardsListRowTitle).empty().text(element.title);
-                                                                       aRow.find(self.selectorWizardsListRowExplanation).empty().html(element.explanation);
+                                                                       aRow.find(self.selectorWizardsListRowExplanation).empty().text(element.explanation);
                                                                        aRow.find(self.selectorWizardsListRowExecute).data('identifier', element.identifier);
                                                                        list.find(self.selectorWizardsListRows).append(aRow);
                                                                }
@@ -419,7 +419,7 @@ function($, Router, FlashMessage, ProgressBar, InfoBox, Severity) {
                                                                hasBodyContent = true;
                                                                var aRow = $(rowTemplate).clone();
                                                                aRow.find(self.selectorWizardsDoneRowMarkUndone).data('identifier', element.identifier);
-                                                               aRow.find(self.selectorWizardsDoneRowTitle).html(element.title);
+                                                               aRow.find(self.selectorWizardsDoneRowTitle).text(element.title);
                                                                $wizardsDoneContainer.append(aRow);
                                                        });
                                                }