From 6118bf3c3adaa542c9461905ce7d9304ff79e6ce Mon Sep 17 00:00:00 2001 From: j Date: Wed, 15 Sep 2021 14:02:36 +0200 Subject: [PATCH 1/2] escape & --- static/js/utils.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/static/js/utils.js b/static/js/utils.js index 861e9b9a..8b626fd5 100644 --- a/static/js/utils.js +++ b/static/js/utils.js @@ -1110,7 +1110,9 @@ pandora.escapeQueryValue = function(value) { if (!Ox.isString(value)) { value = value.toString(); } - return value.replace(/%/, '%25') + return value + .replace(/%/, '%25') + .replace(/&/, '%26') .replace(/_/g, '%09') .replace(/\s/g, '_') .replace(/ Date: Wed, 15 Sep 2021 14:05:11 +0200 Subject: [PATCH 2/2] escape & too --- pandora/edit/models.py | 1 + static/js/documentInfoView.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pandora/edit/models.py b/pandora/edit/models.py index 86fdc108..907dc579 100644 --- a/pandora/edit/models.py +++ b/pandora/edit/models.py @@ -13,6 +13,7 @@ from django.conf import settings from django.db import models, transaction from django.db.models import Max from django.contrib.auth import get_user_model +from django.core.cache import cache from oxdjango.fields import JSONField diff --git a/static/js/documentInfoView.js b/static/js/documentInfoView.js index f8ebe333..11fc40af 100644 --- a/static/js/documentInfoView.js +++ b/static/js/documentInfoView.js @@ -429,7 +429,7 @@ pandora.ui.documentInfoView = function(data, isMixed) { function formatLink(value, key) { return (Ox.isArray(value) ? value : [value]).map(function(value) { return key - ? '' + value + '' + ? '' + value + '' : value; }).join(', '); }