Success! Looks like we've fixed this one. According to our records the fix was applied for EXTGWT-1458 in 3.0.
  1. #1
    Sencha User
    Join Date
    Nov 2011
    Posts
    7
    Vote Rating
    0
    tedyoung is on a distinguished road

      0  

    Exclamation [GXT 3.0.0 beta 3] Bug in TriggerFieldDefaultAppearance

    [GXT 3.0.0 beta 3] Bug in TriggerFieldDefaultAppearance


    In GXT 3.0.0-beta3, there appears to be a bug in TriggerFieldDefaultAppearance.render() if the value contains a single-quote. The problem is that the value text is not HTML escaped, so when the value

    Workers' Comp Group

    is concatenated in line 187:

    String input = "<input name='" + name + "' " + ro + " style='" + inputStyles + "' type='text' value='" + value + "' class='" + cls + "'/>";

    You may end up with HTML that looks like this:

    <input name='null' style='width:125px;' type='text' value='Workers' Comp Group' class='GA0P54ODMY GA0P54ODD-'/>

    Which is invalid.

    ;ted

  2. #2
    Sencha - GXT Dev Team
    Join Date
    Feb 2009
    Location
    Minnesota
    Posts
    2,734
    Vote Rating
    90
    Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light

      0  

    Default


    Thanks, looks like the name property is also susceptable to issues here. We'll probably wrap this in a template, or find some other way to build it as a safe html string, escaping the things that need it.

  3. #3
    Sencha - GXT Dev Team
    Join Date
    Feb 2009
    Location
    Minnesota
    Posts
    2,734
    Vote Rating
    90
    Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light

      0  

    Default


    This has been fixed in SVN.

    A note on the changes we've made - we didn't use a template in this case, as there isn't a way to not draw html attributes based on the value, and html inputs interpret the readonly attribute as being active if it is set at all. As such, this is still a fairly stringy way of putting the whole thing together, but should be easier to understand and make sure it is correct than before.

  4. #4
    Sencha User WesleyMoy's Avatar
    Join Date
    Oct 2009
    Location
    Redwood City, California
    Posts
    402
    Vote Rating
    2
    WesleyMoy is on a distinguished road

      0  

    Default


    The fix for this bug has been included in the public release of Sencha GXT 3.0.0. Please try your test case again with this release. Although we're confident that this issue has been resolved, please reply here (or start a new bug thread linking to this one) if you continue to notice issues.

Thread Participants: 2