Bug #1717

Unexpected convertion on XML special characters when display a vm template in sunstone.

Added by WH Wang over 8 years ago. Updated about 8 years ago.

Status:ClosedStart date:01/08/2013
Priority:NormalDue date:
Assignee:Daniel Molina% Done:


Target version:Release 4.0
Resolution:fixed Pull request:
Affected Versions:OpenNebula 3.8


There is a bug in sunstone v3.8.1.
When update or show a vm template content in sunstone, the XML special characters are converted unexpected.

For example:

Template content:

  TYPE="KVM" ] 

Will be converted to:

  TYPE="KVM" ]

The code causes the problem is in opennebula.js at row 20.

  converters: {
    "text json": function( textValue ) {
      // Here jQuery.html() caused the problem
      return jQuery.parseJSON(jQuery('<div/>').text(textValue).html());

I fixed by using the default convertion in Opennebula.Action.show.

--- opennebula-3.8.1/src/sunstone/public/js/opennebula.js    2012-10-26 23:30:33.000000000 +0800
+++ opennebula-3.8.1-patched/src/sunstone/public/js/opennebula.js    2012-11-10 03:25:13.000000000 +0800
@@ -302,6 +302,9 @@
                 url: url,
                 type: "GET",
                 dataType: "json",
+                converters: {
+                    "text json": jQuery.parseJSON
+                },
                 success: function(response){
                     return callback ? callback(request, response) : null;

sunstone-001.patch Magnifier - My patch file (551 Bytes) WH Wang, 01/08/2013 08:34 AM

Associated revisions

Revision bdaa630a
Added by Daniel Molina about 8 years ago

bug #1717: unescape string when updating a template


#1 Updated by Ruben S. Montero over 8 years ago

  • Assignee set to Tino Vázquez
  • Target version set to Release 4.0

#2 Updated by Ruben S. Montero about 8 years ago

  • Assignee changed from Tino Vázquez to Daniel Molina

#3 Updated by Daniel Molina about 8 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Resolution set to fixed

We have included an unescape method instead of using the default converter to avoid html/js injection

Also available in: Atom PDF