inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2025-04-29 20:16:44 +00:00
Code

Form field sanitization (#3699)

Browse Source 
* Sanitize input string when using select2 search on forms

* CSS tweaks for images in card view
This commit is contained in:
Oliver 2022-09-21 11:59:54 +10:00 committed by GitHub
parent 04b3f022a0
commit e6225bd8b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
InvenTree/InvenTree/static/css/inventree.css
View File

@ -839,6 +839,11 @@ input[type="submit"] {
padding: 10px; padding: 10px;
} }
.card-thumb {
max-width: 64px;
max-height: 64px;
}
.float-right { .float-right {
float: right; float: right;
} }

3
InvenTree/templates/js/translated/forms.js
View File

@ -1727,7 +1727,8 @@ function initializeRelatedField(field, fields, options={}) {
var query = field.filters || {}; var query = field.filters || {};
// Add search and pagination options // Add search and pagination options
query.search = params.term; query.search = sanitizeInputString(params.term);
query.offset = offset; query.offset = offset;
query.limit = pageSize; query.limit = pageSize;

4
InvenTree/templates/js/translated/helpers.js
View File

@ -379,6 +379,10 @@ function setupNotesField(element, url, options={}) {
*/ */
function sanitizeInputString(s, options={}) { function sanitizeInputString(s, options={}) {
if (!s) {
return s;
}
// Remove ASCII control characters // Remove ASCII control characters
s = s.replace(/[\x01-\x1F]+/g, ''); s = s.replace(/[\x01-\x1F]+/g, '');

2
InvenTree/templates/js/translated/part.js
View File

@ -1356,7 +1356,7 @@ function partGridTile(part) {
<div class='panel-content'> <div class='panel-content'>
<div class='row'> <div class='row'>
<div class='col-sm-4'> <div class='col-sm-4'>
<img src='${part.thumbnail}' style='width: 100%;' class='card-thumb' onclick='showModalImage("${part.image}")'> <img src='${part.thumbnail}' class='card-thumb' onclick='showModalImage("${part.image}")'>
</div> </div>
<div class='col-sm-8'> <div class='col-sm-8'>
<table class='table table-striped table-condensed'> <table class='table table-striped table-condensed'>