escape & too

escape &
2021-09-15 14:05:11 +02:00 · 2021-09-15 14:02:36 +02:00
3 changed files with 5 additions and 2 deletions
--- a/pandora/edit/models.py
+++ b/pandora/edit/models.py
@ -13,6 +13,7 @@ from django.conf import settings
 from django.db import models, transaction
 from django.db.models import Max
 from django.contrib.auth import get_user_model
+from django.core.cache import cache

 from oxdjango.fields import JSONField

--- a/static/js/documentInfoView.js
+++ b/static/js/documentInfoView.js
@ -429,7 +429,7 @@ pandora.ui.documentInfoView = function(data, isMixed) {
    function formatLink(value, key) {
        return (Ox.isArray(value) ? value : [value]).map(function(value) {
            return key
-                ? '<a href="/documents/' + key + '=' + value + '">' + value + '</a>'
+                ? '<a href="/documents/' + key + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
                : value;
        }).join(', ');
    }
--- a/static/js/utils.js
+++ b/static/js/utils.js
@ -1110,7 +1110,9 @@ pandora.escapeQueryValue = function(value) {
    if (!Ox.isString(value)) {
        value = value.toString();
    }
-    return value.replace(/%/, '%25')
+    return value
+        .replace(/%/, '%25')
+        .replace(/&/, '%26')
        .replace(/_/g, '%09')
        .replace(/\s/g, '_')
        .replace(/</g, '%0E')
Author	SHA1	Message	Date
j	8a16c7e37f	escape & too	2021-09-15 14:05:11 +02:00
j	6118bf3c3a	escape &	2021-09-15 14:02:36 +02:00