
Sanitize search text in bootstrap table (#3609)

* Sanitize search text in bootstrap table

* Clean search query on the server side before rendering search page template

- Refactor existing sanitizing code into functions

* Make ASCII and Unicode cleaning optional
This commit is contained in:
Oliver
2022-08-25 14:10:39 +10:00
committed by GitHub
parent e8621a97bc
commit 8fa67b8671
5 changed files with 80 additions and 50 deletions


@ -33,6 +33,8 @@
});
}
var search_text = sanitizeInputString("{{ query|escapejs }}");
function addItem(label, title, icon, options) {
// Construct a "badge" to add to the sidebar item
@ -85,7 +87,7 @@
"{% url 'api-part-list' %}",
{
params: {
original_search: "{{ query }}",
original_search: search_text,
},
checkbox: false,
disableFilters: true,
@ -96,7 +98,7 @@
loadPartCategoryTable($("#table-category"), {
params: {
original_search: "{{ query }}",
original_search: search_text,
}
});
@ -107,7 +109,7 @@
"{% url 'api-manufacturer-part-list' %}",
{
params: {
original_search: "{{ query }}",
original_search: search_text,
part_detail: true,
supplier_detail: true,
manufacturer_detail: true
@ -122,7 +124,7 @@
"{% url 'api-supplier-part-list' %}",
{
params: {
original_search: "{{ query }}",
original_search: search_text,
part_detail: true,
supplier_detail: true,
manufacturer_detail: true
@ -141,7 +143,7 @@
loadBuildTable('#table-build-order', {
locale: '{{ request.LANGUAGE_CODE }}',
params: {
original_search: '{{ query }}',
original_search: search_text,
}
});
@ -156,7 +158,7 @@
filterKey: 'stocksearch',
url: "{% url 'api-stock-list' %}",
params: {
original_search: "{{ query }}",
original_search: search_text,
part_detail: true,
location_detail: true
}
@ -167,7 +169,7 @@
loadStockLocationTable($("#table-location"), {
filterKey: 'locationsearch',
params: {
original_search: "{{ query }}",
original_search: search_text,
},
});
@ -180,8 +182,8 @@
loadCompanyTable('#table-manufacturer', "{% url 'api-company-list' %}", {
params: {
original_search: "{{ query }}",
is_manufacturer: "true",
original_search: search_text,
is_manufacturer: true,
}
});
@ -190,8 +192,8 @@
loadCompanyTable('#table-supplier', "{% url 'api-company-list' %}", {
params: {
original_search: "{{ query }}",
is_supplier: "true",
original_search: search_text,
is_supplier: true,
}
});
@ -199,7 +201,7 @@
loadPurchaseOrderTable('#table-purchase-order', {
params: {
original_search: '{{ query }}',
original_search: search_text,
}
});
@ -210,8 +212,8 @@
loadCompanyTable('#table-customer', "{% url 'api-company-list' %}", {
params: {
original_search: "{{ query }}",
is_customer: "true",
original_search: search_text,
is_customer: true,
}
});
@ -219,7 +221,7 @@
loadSalesOrderTable('#table-sales-orders', {
params: {
original_search: '{{ query }}',
original_search: search_text,
}
});
@ -230,7 +232,7 @@
enableSidebar(
'search',
{
hide_toggle: 'true',
hide_toggle: true,
}
);
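Review bot: The new `var search_text = sanitizeInputString("{{ query|escapejs }}");` line combines two different protections without saying which one does what: `escapejs` is what keeps the query inside the JS string literal (it also encodes `<`/`>`, so a `</script>` in the query cannot close the block), whereas `sanitizeInputString` only normalises the text and, judging by this commit's change to `convertQueryParameters`, is applied a second time when each table forwards `original_search`. I would add `// escapejs prevents breaking out of this string literal; sanitizeInputString only cleans the search text (convertQueryParameters cleans it again)` above that line so nobody later drops the template filter thinking the JS helper is the security boundary. For context, the replaced `"{{ query }}"` form relied on HTML autoescaping, which leaves `\` untouched, so a trailing backslash in the query could at least break this script. The surrounding `<script>` block and the `addItem` function start and end outside the hunk.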


@ -346,7 +346,9 @@ function convertQueryParameters(params, filters) {
if ('original_search' in params) {
var search = params['search'] || '';
params['search'] = search + ' ' + params['original_search'];
var clean_search = sanitizeInputString(search + ' ' + params['original_search']);
params['search'] = clean_search;
delete params['original_search'];
}