#34283 closed Bug (fixed)
Missing parameter escaping in admin filters.js
| Reported by: | Stanislav | Owned by: | Stanislav |
|---|---|---|---|
| Component: | contrib.admin | Version: | 4.2 |
| Severity: | Release blocker | Keywords: | |
| Cc: | Stanislav, Marcelo Galigniana | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I am using ukrainian language in django admin. This language has an apostrophe that users often write as '.
My code:
class HasMasterFilter(admin.SimpleListFilter):
title = "Пов'язаний?"
leads to error in /django/contrib/admin/static/admin/js/filters.js at the line:
const detailElement = document.querySelector(`[data-filter-title='${key}']`);
it's needed to escape the value in key
Change History (11)
comment:1 by , 22 months ago
| Cc: | added |
|---|---|
| Has patch: | set |
comment:2 by , 22 months ago
| Cc: | added |
|---|---|
| Has patch: | unset |
| Severity: | Normal → Release blocker |
| Triage Stage: | Unreviewed → Accepted |
| Version: | 4.1 → 4.2 |
Thanks for the report and testing against the alpha release!
Regression in 27aa7035f57f0db30b6632e4274e18b430906799.
comment:3 by , 22 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 5 comment:4 by , 22 months ago
Stanislav, Can you send PR via GitHub? (a regression test is required.)
follow-up: 6 comment:5 by , 22 months ago
Replying to Mariusz Felisiak:
Stanislav, Can you send PR via GitHub? (a regression test is required.)
I hope i did it
follow-up: 8 comment:6 by , 22 months ago
Replying to Stanislav:
Replying to Mariusz Felisiak:
Stanislav, Can you send PR via GitHub? (a regression test is required.)
I hope i did it
Hi Stanislav! I just saw your PR but it doesn’t have a new test. Marius means add a test like this: https://github.com/django/django/commit/27aa7035f57f0db30b6632e4274e18b430906799#diff-640602cc17dc3e9a26db47f58b40a1289d5c0f1b5b0fe547810b1d962f6cde8b. You could use it as a reference and add the escape case! Don’t forget update the issue status here too!
Let me know if you need help with something!
comment:8 by , 22 months ago
Replying to Marcelo Galigniana:
Replying to Stanislav:
Replying to Mariusz Felisiak:
Stanislav, Can you send PR via GitHub? (a regression test is required.)
I hope i did it
Hi Stanislav! I just saw your PR but it doesn’t have a new test. Marius means add a test like this: https://github.com/django/django/commit/27aa7035f57f0db30b6632e4274e18b430906799#diff-640602cc17dc3e9a26db47f58b40a1289d5c0f1b5b0fe547810b1d962f6cde8b. You could use it as a reference and add the escape case! Don’t forget update the issue status here too!
Let me know if you need help with something!
https://github.com/django/django/pull/16499
the error is related to js, so I process the browser logs in selenium
comment:9 by , 22 months ago
| Needs tests: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Patch:
14c14 < const detailElement = document.querySelector(`[data-filter-title='${key}']`); --- > const detailElement = document.querySelector(`[data-filter-title='${CSS.escape(key)}']`); 30a31 >