glitch with opencontent call javascript call in basecontenttreecs line 185 or so - bugs

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

montana 42 posts 63 karma points

Feb 03, 2011 @ 23:48

Glitch with openContent call javascript call in BaseContentTree.cs line 185 or so...

Umbraco 4.5

BaseContentTree.cs

the SetActionAttribute method is running HTMLEscape on the dd.Text value [page title in this case], in short the Replace function fails to escape single quotes on the Title in question, leading to javascript errors on selection.

[error occurs when selecting a page from the Tree for use as a link in the tinymce RTE.

To recreate: create a content node with a title of "Can't Select this", then in the content editor try to add a hyperlink to that location]

the short fix is to move the HTMLEncode call to the end of the assignment - I've rewritten it according to my style in the version I'm working on...

        protected void SetActionAttribute(ref XmlTreeNode treeElement, Document dd) {
            string nodeText = "";
            string nodeLink = "";
            string niceUrl = "";
            // Check for dialog behaviour
            if (this.DialogMode == TreeDialogModes.fulllink) {
                nodeLink = CreateNodeLink(dd);
            } else if (this.DialogMode == TreeDialogModes.locallink) {
                nodeLink = string.Format("{{localLink:{0}}}", dd.Id);
                // try to make a niceurl too
                niceUrl = corespin.library.NiceUrl(dd.Id);
                nodeText = dd.Text;
                nodeText = nodeText.Replace("'", "\\'");
                nodeText = HttpContext.Current.Server.HtmlEncode(nodeText);
                if (niceUrl != "#" || niceUrl != "") {
                    nodeLink += "|" + niceUrl + "|" + nodeText;
                } else {
                    nodeLink += "||" + nodeText;
                }
            } else if (this.DialogMode == TreeDialogModes.id || this.DialogMode == TreeDialogModes.none) {
                nodeLink = dd.Id.ToString();
            } else if (!this.IsDialog || (this.DialogMode == TreeDialogModes.id)) {
                if (CurrentUser.GetPermissions(dd.Path).Contains(ActionUpdate.Instance.Letter.ToString())) {
                    treeElement.Action = String.Format("javascript:openContent('{0}');", dd.Id);
                    return;
                }
            }
            nodeLink = nodeLink.Replace("'", "\\'");
            treeElement.Action = String.Format("javascript:openContent('{0}');", nodeLink);
        }

but the simple fix is just this block:

                nodeText = dd.Text;
                nodeText = nodeText.Replace("'", "\\'"); //run this first then HtmlEncode or HtmlEncode rewrites the string and muxxes the mix
                nodeText = HttpContext.Current.Server.HtmlEncode(nodeText);
                if (niceUrl != "#" || niceUrl != "") {
                    nodeLink += "|" + niceUrl + "|" + nodeText;
                } else {
                    nodeLink += "||" + nodeText;
                }

Copy Link

is working on a reply...

Please Sign in or register to post replies