sw360portal icon indicating copy to clipboard operation
sw360portal copied to clipboard

Published 20 hours ago verified publisher icon sw360

Double Quotes in Components and Release Name breaks Listing

Open mcjaeger opened this issue 7 years ago • 7 comments

When using double quotes in component name or release name or version, the according liustings are broken (=do not display any entry). Display values should use HTML escaped quotes.

(For Project listing with single or double quote it works).

mcjaeger avatar Aug 16 '17 11:08 mcjaeger

Fixed with a sw360:out tag. Produces the same effect as in the other listings: screen shot 2017-10-26 at 17 03 21

bodetc avatar Oct 26 '17 15:10 bodetc

Fixed by https://github.com/sw360/sw360portal/issues/327

bodetc avatar Nov 07 '17 10:11 bodetc

Not fully fixed for component name. On edit page, the quoted name is not displayed.

quote

adrian-evo avatar Nov 15 '17 09:11 adrian-evo

confirm, same error is still there

mcjaeger avatar Nov 22 '17 13:11 mcjaeger

please verify also

> ./homepage/signup/view.jsp: value="${newuser.givenname}" id="given_name">
> ./homepage/signup/view.jsp: value="${newuser.lastname}" id="last_name">
> ./homepage/signup/view.jsp:  <option value="${org.name}" class="textlabel stackedLabel"
> ./homepage/signup/view.jsp:  >${org.name}</option>
> ./projects/view.jsp: value="${name}" id="project_name" class="filterInput">
> ./projects/view.jsp:  <option value="${org.name}" class="textlabel stackedLabel"
> ./projects/view.jsp:  >${org.name}</option>
> ./projects/includes/projects/vulnerabilities.jspf:  "0": "${vulnerability.intReleaseName}",
> ./projects/includes/projects/vulnerabilities.jspf:  "6": '<div class="dataTables_cell_nowrap">${vulnerability.action}</div>'
> ./licenses/detail.jsp:  class="pageHeaderBigSpan">License: ${licenseDetail.fullname} (${licenseDetail.shortname})</span>
> ./licenses/includes/editDetailText.jspf:  placeholder="Enter the License-Text here...">${licenseDetail.text}</textarea>
> ./licenses/includes/detailText.jspf:  ${licenseDetail.text}
> ./licenses/includes/detailSummary.jspf:  <thead><tr><th colspan="2">License Details: ${licenseDetail.fullname} (${licenseDetail.shortname})</th></tr></thead>
> ./licenses/includes/detailTodos.jspf:  <form action="${editLicenseTodosURL}" method="post" id="FormTodosWhitelist" name="FormTodosWhitelist">
> ./components/detailRelease.jsp:  <p class="pageHeader"><label id="releaseHeaderLabel"> <span class="pageHeaderBigSpan"> Component: ${component.name}</span>
> ./components/detail.jsp:  <p class="pageHeader"><span class="pageHeaderBigSpan">Component: ${component.name}</span>
> ./components/view.jsp: value="${name}" id="component_name">
> ./components/view.jsp: value="${categories}" id="categories">
> ./components/view.jsp: value="${languages}" id="languages">
> ./components/view.jsp: value="${softwarePlatforms}" id="software_platforms">
> ./components/view.jsp: value="${operatingSystems}" id="operating_systems">
> ./components/view.jsp: value="${vendorNames}" id="vendor_names">
> ./components/view.jsp: value="${mainLicenseIds}" id="main_licenses">
> ./components/includes/components/editBasicInfo.jspf: value="${component.name}"/>
> ./components/includes/components/editBasicInfo.jspf:  var checkComponentNameUrl = '${checkComponentNameUrl}',
> ./components/includes/components/vulnerabilities.jspf:  "0": "${vulnerability.intReleaseName}",
> ./moderation/components/delete.jsp:<p class="pageHeader"><span class="pageHeaderBigSpan">Moderation Delete Component: ${component.name}</span>
> ./moderation/components/merge.jsp:<p class="pageHeader"><span class="pageHeaderBigSpan">Moderation Change Component: ${component.name}</span>
> ./utils/ajax/linkedProjectsRows.jspf:  value="${projectLink.name} ${projectLink.version}" maxChar="60"
> ./utils/includes/linkedReleaseDetails.jspf:  data-scope-group-id="${pageContext.getAttribute('scopeGroupId')}"
> ./utils/includes/usingComponentsTable.jspf:  <th colspan="4">${documentName} is used by the following components</th>
> ./utils/includes/usingProjectsTable.jspf:  <th colspan="3">${documentName} is used by the following projects</th>
> ./utils/includes/attachmentsDetail.jsp:  "fileName": "${attachment.filename}"

maierthomas avatar Nov 23 '17 16:11 maierthomas

please verify also

  • projects/administrationEdit.jsp -> licenseInfoHeaderText

maierthomas avatar Dec 01 '17 17:12 maierthomas

  • [x] ./homepage/signup/view.jsp: value="${newuser.givenname}" id="given_name">
  • [x] ./homepage/signup/view.jsp: value="${newuser.lastname}" id="last_name">
  • [x] ./homepage/signup/view.jsp: <option value="${org.name}" class="textlabel stackedLabel"
  • [x] ./homepage/signup/view.jsp: >${org.name}
  • [x] ./projects/view.jsp: value="${name}" id="project_name" class="filterInput">
  • [x] ./projects/view.jsp: <option value="${org.name}" class="textlabel stackedLabel"
  • [x] ./projects/view.jsp: >${org.name}
  • [x] ./projects/includes/projects/vulnerabilities.jspf: "0": "${vulnerability.intReleaseName}",
  • [x] ./projects/includes/projects/vulnerabilities.jspf: "6": '
    ${vulnerability.action}
    '
  • [x] ./licenses/detail.jsp: class="pageHeaderBigSpan">License: ${licenseDetail.fullname} (${licenseDetail.shortname})
  • [x] ./licenses/includes/editDetailText.jspf: placeholder="Enter the License-Text here...">${licenseDetail.text}
  • [x] ./licenses/includes/detailText.jspf: ${licenseDetail.text}
  • [x] ./licenses/includes/detailSummary.jspf: License Details: ${licenseDetail.fullname} (${licenseDetail.shortname})
  • [x] ./licenses/includes/detailTodos.jspf:
  • [x] ./components/detailRelease.jsp:

  • [x] ./components/detail.jsp:

    Component: ${component.name}

  • [x] ./components/view.jsp: value="${name}" id="component_name">
  • [x] ./components/view.jsp: value="${categories}" id="categories">
  • [x] ./components/view.jsp: value="${languages}" id="languages">
  • [x] ./components/view.jsp: value="${softwarePlatforms}" id="software_platforms">
  • [x] ./components/view.jsp: value="${operatingSystems}" id="operating_systems">
  • [x] ./components/view.jsp: value="${vendorNames}" id="vendor_names">
  • [x] ./components/view.jsp: value="${mainLicenseIds}" id="main_licenses">
  • [x] ./components/includes/components/editBasicInfo.jspf: value="${component.name}"/>
  • [x] ./components/includes/components/editBasicInfo.jspf: var checkComponentNameUrl = '${checkComponentNameUrl}',
  • [x] ./components/includes/components/vulnerabilities.jspf: "0": "${vulnerability.intReleaseName}",
  • [x] ./moderation/components/delete.jsp:

    Moderation Delete Component: ${component.name}

  • [x] ./moderation/components/merge.jsp:

    Moderation Change Component: ${component.name}

  • [x] ./utils/ajax/linkedProjectsRows.jspf: value="${projectLink.name} ${projectLink.version}" maxChar="60"
  • [x] ./utils/includes/linkedReleaseDetails.jspf: data-scope-group-id="${pageContext.getAttribute('scopeGroupId')}"
  • [x] ./utils/includes/usingComponentsTable.jspf: ${documentName} is used by the following components
  • [x] ./utils/includes/usingProjectsTable.jspf: ${documentName} is used by the following projects
  • [x] ./utils/includes/attachmentsDetail.jsp: "fileName": "${attachment.filename}"
  • [x] ./utils/includes/attachmentsDetail.jsp: "fileName": "${attachment.filename}"
  • [x] ./projects/administrationEdit.jsp -> licenseInfoHeaderText

bodetc avatar Dec 13 '17 10:12 bodetc