
Text containing angle brackets cut off early in "Cell Content" modal

Open cjboyle opened this issue 7 months ago • 2 comments

I have a JSON column that occasionally contains string values with angle brackets, e.g. {..., "dtype_numpy": "<f8", ...}. When viewed in the "Cell Content" modal, only text leading up to an opening < bracket is displayed, and the rest of the text is cut off early.

In the following block of code I can fix it by replacing $("#content_modal pre").html(value); with $("#content_modal pre").text(value);

https://github.com/sosedoff/pgweb/blob/main/static/js/app.js#L1524-L1530

Before: Image

After: Image

If there are no concerns, I'd be happy to make a quick PR for this.

cjboyle, Jun 09 '25 21:06

Should probably be fine. I don't remember the exact reason why I used html instead of text.

sosedoff, Jul 12 '25 19:07

Noticed this too. Seems like an XSS issue if you're viewing user-submitted data.

broady, Nov 23 '25 04:11
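
Added example, not part of the thread and not pgweb code: a small audit that flags cell values which would render differently through `.html(value)` than through `.text(value)`, using the HTML tokenizer rule that `<` opens markup only when followed by an ASCII letter, `/`, `!` or `?`. The function names and the sample cells are assumptions made for illustration; the first sample mirrors the value quoted in the issue.

```javascript
// Added example (not pgweb code). All function names are hypothetical.
// In the browser, the fix proposed in the issue is the one-line change:
//   $("#content_modal pre").text(value);   // instead of .html(value)

// Offset of the first character an HTML parser would not show as-is, or -1.
// "<" starts markup only before an ASCII letter, "/", "!" or "?".
// "&" may start a character reference (checked conservatively here).
function firstMarkupOffset(value) {
  const m = /<[A-Za-z\/!?]|&(?:#|[A-Za-z0-9])/.exec(value);
  return m ? m.index : -1;
}

// Escaping for the cases where an HTML string really has to be built.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// For each cell value, report whether .html() and .text() would agree and
// how much of the value is displayed unchanged before the parser takes over.
function auditCells(cells) {
  return cells.map((value) => {
    const offset = firstMarkupOffset(value);
    return {
      value,
      rendersSame: offset === -1,
      shownAsIsUpTo: offset === -1 ? value : value.slice(0, offset),
      escaped: escapeHtml(value),
    };
  });
}

// Constructed sample cells.
const SAMPLE_CELLS = [
  '{"dtype_numpy": "<f8", "shape": [3]}', // value from the issue, shortened
  '{"expr": "a < b"}',                    // "<" before a space stays text
  '{"note": "<b>bold</b>"}',              // parsed as an element
];

for (const row of auditCells(SAMPLE_CELLS)) {
  console.log(row.rendersSame ? "same  " : "DIFFER", JSON.stringify(row.shownAsIsUpTo));
}
```

The `<f8` row is reported as differing at the opening bracket, which matches the truncation described in the issue; the same parsing step is what makes untrusted cell content a script-injection concern.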