Double Quotes in Components and Release Name breaks Listing

mcjaeger commented 7 years ago

When using double quotes in component name or release name or version, the according liustings are broken (=do not display any entry). Display values should use HTML escaped quotes.

(For Project listing with single or double quote it works).

bodetc commented 6 years ago

Fixed with a sw360:out tag. Produces the same effect as in the other listings:

bodetc commented 6 years ago

Fixed by https://github.com/sw360/sw360portal/issues/327

adrian-evo commented 6 years ago

Not fully fixed for component name. On edit page, the quoted name is not displayed.

quote

mcjaeger commented 6 years ago

confirm, same error is still there

maierthomas commented 6 years ago

please verify also

> ./homepage/signup/view.jsp: value="${newuser.givenname}" id="given_name">
> ./homepage/signup/view.jsp: value="${newuser.lastname}" id="last_name">
> ./homepage/signup/view.jsp:  <option value="${org.name}" class="textlabel stackedLabel"
> ./homepage/signup/view.jsp:  >${org.name}</option>
> ./projects/view.jsp: value="${name}" id="project_name" class="filterInput">
> ./projects/view.jsp:  <option value="${org.name}" class="textlabel stackedLabel"
> ./projects/view.jsp:  >${org.name}</option>
> ./projects/includes/projects/vulnerabilities.jspf:  "0": "${vulnerability.intReleaseName}",
> ./projects/includes/projects/vulnerabilities.jspf:  "6": '<div class="dataTables_cell_nowrap">${vulnerability.action}</div>'
> ./licenses/detail.jsp:  class="pageHeaderBigSpan">License: ${licenseDetail.fullname} (${licenseDetail.shortname})</span>
> ./licenses/includes/editDetailText.jspf:  placeholder="Enter the License-Text here...">${licenseDetail.text}</textarea>
> ./licenses/includes/detailText.jspf:  ${licenseDetail.text}
> ./licenses/includes/detailSummary.jspf:  <thead><tr><th colspan="2">License Details: ${licenseDetail.fullname} (${licenseDetail.shortname})</th></tr></thead>
> ./licenses/includes/detailTodos.jspf:  <form action="${editLicenseTodosURL}" method="post" id="FormTodosWhitelist" name="FormTodosWhitelist">
> ./components/detailRelease.jsp:  <p class="pageHeader"><label id="releaseHeaderLabel"> <span class="pageHeaderBigSpan"> Component: ${component.name}</span>
> ./components/detail.jsp:  <p class="pageHeader"><span class="pageHeaderBigSpan">Component: ${component.name}</span>
> ./components/view.jsp: value="${name}" id="component_name">
> ./components/view.jsp: value="${categories}" id="categories">
> ./components/view.jsp: value="${languages}" id="languages">
> ./components/view.jsp: value="${softwarePlatforms}" id="software_platforms">
> ./components/view.jsp: value="${operatingSystems}" id="operating_systems">
> ./components/view.jsp: value="${vendorNames}" id="vendor_names">
> ./components/view.jsp: value="${mainLicenseIds}" id="main_licenses">
> ./components/includes/components/editBasicInfo.jspf: value="${component.name}"/>
> ./components/includes/components/editBasicInfo.jspf:  var checkComponentNameUrl = '${checkComponentNameUrl}',
> ./components/includes/components/vulnerabilities.jspf:  "0": "${vulnerability.intReleaseName}",
> ./moderation/components/delete.jsp:<p class="pageHeader"><span class="pageHeaderBigSpan">Moderation Delete Component: ${component.name}</span>
> ./moderation/components/merge.jsp:<p class="pageHeader"><span class="pageHeaderBigSpan">Moderation Change Component: ${component.name}</span>
> ./utils/ajax/linkedProjectsRows.jspf:  value="${projectLink.name} ${projectLink.version}" maxChar="60"
> ./utils/includes/linkedReleaseDetails.jspf:  data-scope-group-id="${pageContext.getAttribute('scopeGroupId')}"
> ./utils/includes/usingComponentsTable.jspf:  <th colspan="4">${documentName} is used by the following components</th>
> ./utils/includes/usingProjectsTable.jspf:  <th colspan="3">${documentName} is used by the following projects</th>
> ./utils/includes/attachmentsDetail.jsp:  "fileName": "${attachment.filename}"

maierthomas commented 6 years ago

please verify also

projects/administrationEdit.jsp -> licenseInfoHeaderText

bodetc commented 6 years ago

[x] ./homepage/signup/view.jsp: value="${newuser.givenname}" id="given_name">
[x] ./homepage/signup/view.jsp: value="${newuser.lastname}" id="last_name">
[x] ./homepage/signup/view.jsp: <option value="${org.name}" class="textlabel stackedLabel"
[x] ./homepage/signup/view.jsp: >${org.name}
[x] ./projects/view.jsp: value="${name}" id="project_name" class="filterInput">
[x] ./projects/view.jsp: <option value="${org.name}" class="textlabel stackedLabel"
[x] ./projects/view.jsp: >${org.name}
[x] ./projects/includes/projects/vulnerabilities.jspf: "0": "${vulnerability.intReleaseName}",
[x] ./projects/includes/projects/vulnerabilities.jspf: "6": '
${vulnerability.action}
'
[x] ./licenses/detail.jsp: class="pageHeaderBigSpan">License: ${licenseDetail.fullname} (${licenseDetail.shortname})
[x] ./licenses/includes/editDetailText.jspf: placeholder="Enter the License-Text here...">${licenseDetail.text}
[x] ./licenses/includes/detailText.jspf: ${licenseDetail.text}
[x] ./licenses/includes/detailSummary.jspf: License Details: ${licenseDetail.fullname} (${licenseDetail.shortname})
[x] ./licenses/includes/detailTodos.jspf:
[x] ./components/detailRelease.jsp:
Component: ${component.name}
[x] ./components/detail.jsp:
Component: ${component.name}
[x] ./components/view.jsp: value="${name}" id="component_name">
[x] ./components/view.jsp: value="${categories}" id="categories">
[x] ./components/view.jsp: value="${languages}" id="languages">
[x] ./components/view.jsp: value="${softwarePlatforms}" id="software_platforms">
[x] ./components/view.jsp: value="${operatingSystems}" id="operating_systems">
[x] ./components/view.jsp: value="${vendorNames}" id="vendor_names">
[x] ./components/view.jsp: value="${mainLicenseIds}" id="main_licenses">
[x] ./components/includes/components/editBasicInfo.jspf: value="${component.name}"/>
[x] ./components/includes/components/editBasicInfo.jspf: var checkComponentNameUrl = '${checkComponentNameUrl}',
[x] ./components/includes/components/vulnerabilities.jspf: "0": "${vulnerability.intReleaseName}",
[x] ./moderation/components/delete.jsp:
Moderation Delete Component: ${component.name}
[x] ./moderation/components/merge.jsp:
Moderation Change Component: ${component.name}
[x] ./utils/ajax/linkedProjectsRows.jspf: value="${projectLink.name} ${projectLink.version}" maxChar="60"
[x] ./utils/includes/linkedReleaseDetails.jspf: data-scope-group-id="${pageContext.getAttribute('scopeGroupId')}"
[x] ./utils/includes/usingComponentsTable.jspf: ${documentName} is used by the following components
[x] ./utils/includes/usingProjectsTable.jspf: ${documentName} is used by the following projects
[x] ./utils/includes/attachmentsDetail.jsp: "fileName": "${attachment.filename}"
[x] ./utils/includes/attachmentsDetail.jsp: "fileName": "${attachment.filename}"
[x] ./projects/administrationEdit.jsp -> licenseInfoHeaderText

sw360 / sw360portal

Double Quotes in Components and Release Name breaks Listing #534