Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0036788 | Openbravo ERP | A. Platform | public | 2017-09-05 09:21 | 2017-09-21 16:49 |
|
| Reporter | JONHM | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 3.0PR17Q4 | |
| Merge Request Status | |
| Review Assigned To | caristu |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0036788: adding a \u2028 (line separator) character to any field makes UI to fail |
| Description | When creating a record having \u2028 (line separator) character and saving it, it shows an error but it saves the record anyway, and when trying to load the window it shows an error. |
| Steps To Reproduce | - As 'F&B International Admin':
1) Create a new record on 'Business Partner' window and set the name copying the text from the attached file. Save the record, it will show an error
2) Refresh the window or reopen it. An error will be shown.
-> The record can be deleted only through database |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0036857 | | closed | alostale | having \u2028 or \u2029 characters in recent documents title makes UI to fail |
|
| Attached Files |  wrongName.xls (5,632) 2017-09-05 09:21
https://issues.openbravo.com/file_download.php?file_id=11037&type=bug
 savingError.mp4 (2,298,218) 2017-09-05 09:28
https://issues.openbravo.com/file_download.php?file_id=11038&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2017-09-05 09:21 | JONHM | New Issue | |
| 2017-09-05 09:21 | JONHM | Assigned To | => platform |
| 2017-09-05 09:21 | JONHM | File Added: wrongName.xls | |
| 2017-09-05 09:21 | JONHM | Modules | => Core |
| 2017-09-05 09:21 | JONHM | Resolution time | => 1506376800 |
| 2017-09-05 09:21 | JONHM | Triggers an Emergency Pack | => No |
| 2017-09-05 09:28 | JONHM | File Added: savingError.mp4 | |
| 2017-09-05 09:36 | Practics | Issue Monitored: Practics | |
| 2017-09-05 12:09 | alostale | Note Added: 0098826 | |
| 2017-09-05 12:09 | alostale | Summary | When creating a record that contains unusual characters it shows an error when loading the window => adding a \u2028 (line separator) character to any field makes UI to fail |
| 2017-09-05 12:09 | alostale | Description Updated | bug_revision_view_page.php?rev_id=15809#r15809 |
| 2017-09-05 12:09 | alostale | Note Edited: 0098826 | bug_revision_view_page.php?bugnote_id=0098826#r15811 |
| 2017-09-05 16:23 | alostale | Note Added: 0098840 | |
| 2017-09-07 11:46 | alostale | Assigned To | platform => alostale |
| 2017-09-07 12:18 | hgbot | Checkin | |
| 2017-09-07 12:18 | hgbot | Note Added: 0098884 | |
| 2017-09-07 12:18 | hgbot | Status | new => resolved |
| 2017-09-07 12:18 | hgbot | Resolution | open => fixed |
| 2017-09-07 12:18 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/1fe55bea0066aa5e640db69dd63fbc86ca47e5e8 [^] |
| 2017-09-07 12:20 | alostale | Review Assigned To | => caristu |
| 2017-09-07 12:24 | alostale | Note Added: 0098885 | |
| 2017-09-08 11:19 | caristu | Note Added: 0098902 | |
| 2017-09-08 11:19 | caristu | Status | resolved => closed |
| 2017-09-08 11:19 | caristu | Fixed in Version | => 3.0PR17Q4 |
| 2017-09-14 13:09 | alostale | Relationship added | related to 0036857 |
| 2017-09-21 16:49 | hudsonbot | Checkin | |
| 2017-09-21 16:49 | hudsonbot | Note Added: 0099367 | |
|
Notes |
|
|
|
See https://stackoverflow.com/a/9168133/2834815 [^]
SmartClient is receiving the json response as string and evaluating it using eval.
Note:
var respJson = '{"data":"\u2028"}' // this is kind of what client receives
var evalJson = 'var d='+respJson // this is what SC transforms...
eval(evalJson) // ..to finally evaluate in this way
Uncaught SyntaxError: Invalid or unexpected token
at <anonymous>:1:6
at JSON.parse (<anonymous>)
at Le (cb=gapi.loaded_0:73)
at b (cb=gapi.loaded_0:226)
JSON.parse(respJson) // this is valid though
eval(evalJson.replace(/\u2028/g,'\\u2028')) // escaping it also would make it work
It would also be possible to escape in backed datasource reponse, but it might add performance overhead in all cases just to cover this one
|
|
|
|
|
|
|
|
(0098884)
|
|
hgbot
|
|
2017-09-07 12:18
|
|
Repository: erp/devel/pi
Changeset: 1fe55bea0066aa5e640db69dd63fbc86ca47e5e8
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Sep 07 12:16:48 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/1fe55bea0066aa5e640db69dd63fbc86ca47e5e8 [^]
fixed bug 36788: having some special UTF characters in DS response breaks UI
When a DS response (or any other one that's later evaluated as JavaScript)
includes certain characters, UI breaks.
This is causes because these characters are not valied in JavaScript so when
they are evaluated using eval function, it crashes.
It has been fixed by escaping those characters in client side when the request
arrives just before starting to process it.
---
M modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
---
|
|
|
|
|
Note that implemented fix checks in client side all xhr responses to escape invalid characters.
It has been measured the overhead in creates, proving it is negligible: for the common case where there is none of those dangerous characters, the overhead was always under 1ms; cases where they appear so transformation requires to be done, overhead was around 1ms. |
|
|
|
|
|
Code reviewed + tested OK. |
|
|
|
|
|