Bug #1717

Unexpected convertion on XML special characters when display a vm template in sunstone.

Added by WH Wang about 7 years ago. Updated over 6 years ago.

Status:ClosedStart date:01/08/2013
Priority:NormalDue date:
Assignee:Daniel Molina% Done:

100%

Category:Sunstone
Target version:Release 4.0
Resolution:fixed Pull request:
Affected Versions:OpenNebula 3.8

Description

There is a bug in sunstone v3.8.1.
When update or show a vm template content in sunstone, the XML special characters are converted unexpected.

For example:

Template content:

RAW=[
  DATA=" 
  <features>
    <apic/>
  </features>",
  TYPE="KVM" ] 

Will be converted to:

RAW=[
  DATA=" 
  &lt;features&gt;
    &lt;apic/&gt;
  &lt;/features&gt;",
  TYPE="KVM" ]

The code causes the problem is in opennebula.js at row 20.

$.ajaxSetup({
  converters: {
    "text json": function( textValue ) {
      // Here jQuery.html() caused the problem
      return jQuery.parseJSON(jQuery('<div/>').text(textValue).html());
    }
  }
});

I fixed by using the default convertion in Opennebula.Action.show.

--- opennebula-3.8.1/src/sunstone/public/js/opennebula.js    2012-10-26 23:30:33.000000000 +0800
+++ opennebula-3.8.1-patched/src/sunstone/public/js/opennebula.js    2012-11-10 03:25:13.000000000 +0800
@@ -302,6 +302,9 @@
                 url: url,
                 type: "GET",
                 dataType: "json",
+                converters: {
+                    "text json": jQuery.parseJSON
+                },
                 success: function(response){
                     return callback ? callback(request, response) : null;
                 },
});

sunstone-001.patch Magnifier - My patch file (551 Bytes) WH Wang, 01/08/2013 08:34 AM

Associated revisions

Revision bdaa630a
Added by Daniel Molina over 6 years ago

bug #1717: unescape string when updating a template

History

#1 Updated by Ruben S. Montero about 7 years ago

  • Assignee set to Tino Vázquez
  • Target version set to Release 4.0

#2 Updated by Ruben S. Montero almost 7 years ago

  • Assignee changed from Tino Vázquez to Daniel Molina

#3 Updated by Daniel Molina over 6 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Resolution set to fixed

We have included an unescape method instead of using the default converter to avoid html/js injection

Also available in: Atom PDF