Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0036788
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2017-09-05 09:212017-09-21 16:49
ReporterJONHMView Statuspublic 
Assigned Toalostale 
PriorityurgentResolutionfixedFixed in Version3.0PR17Q4
StatusclosedFix in branchFixed in SCM revision1fe55bea0066
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0036788: adding a \u2028 (line separator) character to any field makes UI to fail

DescriptionWhen creating a record having \u2028 (line separator) character and saving it, it shows an error but it saves the record anyway, and when trying to load the window it shows an error.
Steps To Reproduce- As 'F&B International Admin':

1) Create a new record on 'Business Partner' window and set the name copying the text from the attached file. Save the record, it will show an error
2) Refresh the window or reopen it. An error will be shown.

-> The record can be deleted only through database
TagsNo tags attached.
Attached Filesxls file icon wrongName.xls [^] (5,632 bytes) 2017-09-05 09:21
? file icon savingError.mp4 [^] (2,298,218 bytes) 2017-09-05 09:28

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0036857 closedalostale having \u2028 or \u2029 characters in recent documents title makes UI to fail 

-  Notes
(0098826)
alostale (manager)
2017-09-05 12:09
edited on: 2017-09-05 12:09

See https://stackoverflow.com/a/9168133/2834815 [^]

SmartClient is receiving the json response as string and evaluating it using eval.

Note:
var respJson = '{"data":"\u2028"}' // this is kind of what client receives
var evalJson = 'var d='+respJson   // this is what SC transforms...
eval(evalJson)                     // ..to finally evaluate in this way

Uncaught SyntaxError: Invalid or unexpected token
    at <anonymous>:1:6
    at JSON.parse (<anonymous>)
    at Le (cb=gapi.loaded_0:73)
    at b (cb=gapi.loaded_0:226)

JSON.parse(respJson)              // this is valid though

eval(evalJson.replace(/\u2028/g,'\\u2028'))  // escaping it also would make it work


It would also be possible to escape in backed datasource reponse, but it might add performance overhead in all cases just to cover this one

(0098840)
alostale (manager)
2017-09-05 16:23

topic reported in SmartClient forums: https://forums.smartclient.com/forum/technical-q-a/248909-data-not-displayed-in-grid-if-it-contains-u2028-character [^]
(0098884)
hgbot (developer)
2017-09-07 12:18

Repository: erp/devel/pi
Changeset: 1fe55bea0066aa5e640db69dd63fbc86ca47e5e8
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Sep 07 12:16:48 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/1fe55bea0066aa5e640db69dd63fbc86ca47e5e8 [^]

fixed bug 36788: having some special UTF characters in DS response breaks UI

  When a DS response (or any other one that's later evaluated as JavaScript)
  includes certain characters, UI breaks.

  This is causes because these characters are not valied in JavaScript so when
  they are evaluated using eval function, it crashes.

  It has been fixed by escaping those characters in client side when the request
  arrives just before starting to process it.

---
M modules/org.openbravo.userinterface.smartclient/web/org.openbravo.userinterface.smartclient/js/ob-smartclient.js
---
(0098885)
alostale (manager)
2017-09-07 12:24

Note that implemented fix checks in client side all xhr responses to escape invalid characters.

It has been measured the overhead in creates, proving it is negligible: for the common case where there is none of those dangerous characters, the overhead was always under 1ms; cases where they appear so transformation requires to be done, overhead was around 1ms.
(0098902)
caristu (developer)
2017-09-08 11:19

Code reviewed + tested OK.
(0099367)
hudsonbot (developer)
2017-09-21 16:49

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2017-09-05 09:21 JONHM New Issue
2017-09-05 09:21 JONHM Assigned To => platform
2017-09-05 09:21 JONHM File Added: wrongName.xls
2017-09-05 09:21 JONHM Modules => Core
2017-09-05 09:21 JONHM Resolution time => 1506376800
2017-09-05 09:21 JONHM Triggers an Emergency Pack => No
2017-09-05 09:28 JONHM File Added: savingError.mp4
2017-09-05 09:36 Practics Issue Monitored: Practics
2017-09-05 12:09 alostale Note Added: 0098826
2017-09-05 12:09 alostale Summary When creating a record that contains unusual characters it shows an error when loading the window => adding a \u2028 (line separator) character to any field makes UI to fail
2017-09-05 12:09 alostale Description Updated View Revisions
2017-09-05 12:09 alostale Note Edited: 0098826 View Revisions
2017-09-05 16:23 alostale Note Added: 0098840
2017-09-07 11:46 alostale Assigned To platform => alostale
2017-09-07 12:18 hgbot Checkin
2017-09-07 12:18 hgbot Note Added: 0098884
2017-09-07 12:18 hgbot Status new => resolved
2017-09-07 12:18 hgbot Resolution open => fixed
2017-09-07 12:18 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/1fe55bea0066aa5e640db69dd63fbc86ca47e5e8 [^]
2017-09-07 12:20 alostale Review Assigned To => caristu
2017-09-07 12:24 alostale Note Added: 0098885
2017-09-08 11:19 caristu Note Added: 0098902
2017-09-08 11:19 caristu Status resolved => closed
2017-09-08 11:19 caristu Fixed in Version => 3.0PR17Q4
2017-09-14 13:09 alostale Relationship added related to 0036857
2017-09-21 16:49 hudsonbot Checkin
2017-09-21 16:49 hudsonbot Note Added: 0099367


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker