Fixes row evolution for rows containing encoded entities (#19490)

* Fixes rowevolution for rows containing encoded entities * adjust tests * Do not sanitize goal details in APIresponse and adjust usages to prevent xss * update UI test
author: Stefan Giehl <stefan@matomo.org> 2022-07-14 10:40:11 +0300
committer: GitHub <noreply@github.com> 2022-07-14 10:40:11 +0300
commit: 392ef0bb0f2a05999813d743d070c34ac5d017f9 (patch)
tree: 6fbc3516ba506d0b63ba96f96edab144a3cb7ade /plugins/CoreHome/vue
parent: aa9425ff2b20a43004576183425047c3fa21d2ad (diff)
3 files changed, 20 insertions, 10 deletions
diff --git a/plugins/CoreHome/vue/dist/CoreHome.umd.js b/plugins/CoreHome/vue/dist/CoreHome.umd.js
index 0f7a209045..b724d3f18f 100644
--- a/plugins/CoreHome/vue/dist/CoreHome.umd.js
+++ b/plugins/CoreHome/vue/dist/CoreHome.umd.js
@@ -3620,9 +3620,9 @@ MatomoDialogvue_type_script_lang_ts.render = MatomoDialogvue_type_template_id_00
   },
   noScope: true
 }));
-// CONCATENATED MODULE: ./node_modules/@vue/cli-plugin-babel/node_modules/cache-loader/dist/cjs.js??ref--12-0!./node_modules/@vue/cli-plugin-babel/node_modules/thread-loader/dist/cjs.js!./node_modules/babel-loader/lib!./node_modules/@vue/cli-service/node_modules/vue-loader-v16/dist/templateLoader.js??ref--6!./node_modules/@vue/cli-service/node_modules/cache-loader/dist/cjs.js??ref--0-0!./node_modules/@vue/cli-service/node_modules/vue-loader-v16/dist??ref--0-1!./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue?vue&type=template&id=7b85675d
+// CONCATENATED MODULE: ./node_modules/@vue/cli-plugin-babel/node_modules/cache-loader/dist/cjs.js??ref--12-0!./node_modules/@vue/cli-plugin-babel/node_modules/thread-loader/dist/cjs.js!./node_modules/babel-loader/lib!./node_modules/@vue/cli-service/node_modules/vue-loader-v16/dist/templateLoader.js??ref--6!./node_modules/@vue/cli-service/node_modules/cache-loader/dist/cjs.js??ref--0-0!./node_modules/@vue/cli-service/node_modules/vue-loader-v16/dist??ref--0-1!./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue?vue&type=template&id=744f4bf7
 
-var EnrichedHeadlinevue_type_template_id_7b85675d_hoisted_1 = {
+var EnrichedHeadlinevue_type_template_id_744f4bf7_hoisted_1 = {
   key: 0,
   class: "title",
   tabindex: "6"
@@ -3654,7 +3654,7 @@ var _hoisted_11 = {
 var _hoisted_12 = ["innerHTML"];
 var _hoisted_13 = ["innerHTML"];
 var _hoisted_14 = ["href"];
-function EnrichedHeadlinevue_type_template_id_7b85675d_render(_ctx, _cache, $props, $setup, $data, $options) {
+function EnrichedHeadlinevue_type_template_id_744f4bf7_render(_ctx, _cache, $props, $setup, $data, $options) {
   var _component_RateFeature = Object(external_commonjs_vue_commonjs2_vue_root_Vue_["resolveComponent"])("RateFeature");
 
   return Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("div", {
@@ -3666,11 +3666,11 @@ function EnrichedHeadlinevue_type_template_id_7b85675d_render(_ctx, _cache, $pro
       return _ctx.showIcons = false;
     }),
     ref: "root"
-  }, [!_ctx.editUrl ? (Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("div", EnrichedHeadlinevue_type_template_id_7b85675d_hoisted_1, [Object(external_commonjs_vue_commonjs2_vue_root_Vue_["renderSlot"])(_ctx.$slots, "default")])) : Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createCommentVNode"])("", true), _ctx.editUrl ? (Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("a", {
+  }, [!_ctx.editUrl ? (Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("div", EnrichedHeadlinevue_type_template_id_744f4bf7_hoisted_1, [Object(external_commonjs_vue_commonjs2_vue_root_Vue_["renderSlot"])(_ctx.$slots, "default")])) : Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createCommentVNode"])("", true), _ctx.editUrl ? (Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("a", {
     key: 1,
     class: "title",
     href: _ctx.editUrl,
-    title: _ctx.translate('CoreHome_ClickToEditX', _ctx.$sanitize(_ctx.actualFeatureName))
+    title: _ctx.translate('CoreHome_ClickToEditX', _ctx.htmlEntities(_ctx.actualFeatureName))
   }, [Object(external_commonjs_vue_commonjs2_vue_root_Vue_["renderSlot"])(_ctx.$slots, "default")], 8, _hoisted_2)) : Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createCommentVNode"])("", true), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["withDirectives"])(Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementVNode"])("span", _hoisted_3, [_ctx.helpUrl && !_ctx.actualInlineHelp ? (Object(external_commonjs_vue_commonjs2_vue_root_Vue_["openBlock"])(), Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createElementBlock"])("a", {
     key: 0,
     rel: "noreferrer noopener",
@@ -3703,7 +3703,7 @@ function EnrichedHeadlinevue_type_template_id_7b85675d_render(_ctx, _cache, $pro
     href: _ctx.helpUrl
   }, Object(external_commonjs_vue_commonjs2_vue_root_Vue_["toDisplayString"])(_ctx.translate('General_MoreDetails')), 9, _hoisted_14)) : Object(external_commonjs_vue_commonjs2_vue_root_Vue_["createCommentVNode"])("", true)], 512), [[external_commonjs_vue_commonjs2_vue_root_Vue_["vShow"], _ctx.showInlineHelp]])], 544);
 }
-// CONCATENATED MODULE: ./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue?vue&type=template&id=7b85675d
+// CONCATENATED MODULE: ./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue?vue&type=template&id=744f4bf7
 
 // CONCATENATED MODULE: ./plugins/CoreHome/vue/src/useExternalPluginComponent.ts
 /*!
@@ -3857,6 +3857,11 @@ var RateFeature = useExternalPluginComponent('Feedback', 'RateFeature');
         }
       }
     });
+  },
+  methods: {
+    htmlEntities: function htmlEntities(v) {
+      return Matomo_Matomo.helper.htmlEntities(v);
+    }
   }
 }));
 // CONCATENATED MODULE: ./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue?vue&type=script&lang=ts
@@ -3865,7 +3870,7 @@ var RateFeature = useExternalPluginComponent('Feedback', 'RateFeature');
 
 
 
-EnrichedHeadlinevue_type_script_lang_ts.render = EnrichedHeadlinevue_type_template_id_7b85675d_render
+EnrichedHeadlinevue_type_script_lang_ts.render = EnrichedHeadlinevue_type_template_id_744f4bf7_render
 
 /* harmony default export */ var EnrichedHeadline = (EnrichedHeadlinevue_type_script_lang_ts);
 // CONCATENATED MODULE: ./plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.adapter.ts
diff --git a/plugins/CoreHome/vue/dist/CoreHome.umd.min.js b/plugins/CoreHome/vue/dist/CoreHome.umd.min.js
index 40d28457eb..9fb4aac37d 100644
--- a/plugins/CoreHome/vue/dist/CoreHome.umd.min.js
+++ b/plugins/CoreHome/vue/dist/CoreHome.umd.min.js
@@ -258,13 +258,13 @@ function On(e){return{restrict:"A",priority:10,link:function(t,n,r){var i={insta
  *
  * @link https://matomo.org
  * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
- */function _n(e,t,n,r,i,o){var l=Object(a["resolveComponent"])("RateFeature");return Object(a["openBlock"])(),Object(a["createElementBlock"])("div",{class:"enrichedHeadline",onMouseenter:t[1]||(t[1]=function(t){return e.showIcons=!0}),onMouseleave:t[2]||(t[2]=function(t){return e.showIcons=!1}),ref:"root"},[e.editUrl?Object(a["createCommentVNode"])("",!0):(Object(a["openBlock"])(),Object(a["createElementBlock"])("div",En,[Object(a["renderSlot"])(e.$slots,"default")])),e.editUrl?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,class:"title",href:e.editUrl,title:e.translate("CoreHome_ClickToEditX",e.$sanitize(e.actualFeatureName))},[Object(a["renderSlot"])(e.$slots,"default")],8,Dn)):Object(a["createCommentVNode"])("",!0),Object(a["withDirectives"])(Object(a["createElementVNode"])("span",Pn,[e.helpUrl&&!e.actualInlineHelp?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:0,rel:"noreferrer noopener",target:"_blank",class:"helpIcon",href:e.helpUrl,title:e.translate("CoreHome_ExternalHelp")},Tn,8,Vn)):Object(a["createCommentVNode"])("",!0),e.actualInlineHelp?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,onClick:t[0]||(t[0]=function(t){return e.showInlineHelp=!e.showInlineHelp}),class:Object(a["normalizeClass"])(["helpIcon",{active:e.showInlineHelp}]),title:e.translate(e.reportGenerated?"General_HelpReport":"General_Help")},xn,10,An)):Object(a["createCommentVNode"])("",!0),Object(a["createElementVNode"])("div",Bn,[Object(a["createVNode"])(l,{title:e.actualFeatureName},null,8,["title"])])],512),[[a["vShow"],e.showIcons||e.showInlineHelp]]),Object(a["withDirectives"])(Object(a["createElementVNode"])("div",Mn,[Object(a["createElementVNode"])("div",{innerHTML:e.$sanitize(e.actualInlineHelp)},null,8,Ln),""!=e.reportGenerated?(Object(a["openBlock"])(),Object(a["createElementBlock"])("span",{key:0,class:"helpDate",innerHTML:e.$sanitize(e.reportGenerated)},null,8,Fn)):Object(a["createCommentVNode"])("",!0),e.helpUrl?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,rel:"noreferrer noopener",target:"_blank",class:"readMore",href:e.helpUrl},Object(a["toDisplayString"])(e.translate("General_MoreDetails")),9,Rn)):Object(a["createCommentVNode"])("",!0)],512),[[a["vShow"],e.showInlineHelp]])],544)}
+ */function _n(e,t,n,r,i,o){var l=Object(a["resolveComponent"])("RateFeature");return Object(a["openBlock"])(),Object(a["createElementBlock"])("div",{class:"enrichedHeadline",onMouseenter:t[1]||(t[1]=function(t){return e.showIcons=!0}),onMouseleave:t[2]||(t[2]=function(t){return e.showIcons=!1}),ref:"root"},[e.editUrl?Object(a["createCommentVNode"])("",!0):(Object(a["openBlock"])(),Object(a["createElementBlock"])("div",En,[Object(a["renderSlot"])(e.$slots,"default")])),e.editUrl?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,class:"title",href:e.editUrl,title:e.translate("CoreHome_ClickToEditX",e.htmlEntities(e.actualFeatureName))},[Object(a["renderSlot"])(e.$slots,"default")],8,Dn)):Object(a["createCommentVNode"])("",!0),Object(a["withDirectives"])(Object(a["createElementVNode"])("span",Pn,[e.helpUrl&&!e.actualInlineHelp?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:0,rel:"noreferrer noopener",target:"_blank",class:"helpIcon",href:e.helpUrl,title:e.translate("CoreHome_ExternalHelp")},Tn,8,Vn)):Object(a["createCommentVNode"])("",!0),e.actualInlineHelp?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,onClick:t[0]||(t[0]=function(t){return e.showInlineHelp=!e.showInlineHelp}),class:Object(a["normalizeClass"])(["helpIcon",{active:e.showInlineHelp}]),title:e.translate(e.reportGenerated?"General_HelpReport":"General_Help")},xn,10,An)):Object(a["createCommentVNode"])("",!0),Object(a["createElementVNode"])("div",Bn,[Object(a["createVNode"])(l,{title:e.actualFeatureName},null,8,["title"])])],512),[[a["vShow"],e.showIcons||e.showInlineHelp]]),Object(a["withDirectives"])(Object(a["createElementVNode"])("div",Mn,[Object(a["createElementVNode"])("div",{innerHTML:e.$sanitize(e.actualInlineHelp)},null,8,Ln),""!=e.reportGenerated?(Object(a["openBlock"])(),Object(a["createElementBlock"])("span",{key:0,class:"helpDate",innerHTML:e.$sanitize(e.reportGenerated)},null,8,Fn)):Object(a["createCommentVNode"])("",!0),e.helpUrl?(Object(a["openBlock"])(),Object(a["createElementBlock"])("a",{key:1,rel:"noreferrer noopener",target:"_blank",class:"readMore",href:e.helpUrl},Object(a["toDisplayString"])(e.translate("General_MoreDetails")),9,Rn)):Object(a["createCommentVNode"])("",!0)],512),[[a["vShow"],e.showInlineHelp]])],544)}
 /*!
  * Matomo - free/libre analytics platform
  *
  * @link https://matomo.org
  * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
- */function $n(e,t){return Object(a["defineAsyncComponent"])((function(){return new Promise((function(n){window.$(document).ready((function(){window[e]?n(window[e][t]):n(null)}))}))}))}var Hn=$n("Feedback","RateFeature"),Un=Object(a["defineComponent"])({props:{helpUrl:{type:String,default:""},editUrl:{type:String,default:""},reportGenerated:String,featureName:String,inlineHelp:String},components:{RateFeature:Hn},data:function(){return{showIcons:!1,showInlineHelp:!1,actualFeatureName:this.featureName,actualInlineHelp:this.inlineHelp}},watch:{inlineHelp:function(e){this.actualInlineHelp=e},featureName:function(e){this.actualFeatureName=e}},mounted:function(){var e=this,t=this.$refs.root;setTimeout((function(){if(!e.actualInlineHelp){var n,r=t.querySelector(".title .inlineHelp");if(!r&&null!==(n=t.parentElement)&&void 0!==n&&n.nextElementSibling&&(r=t.parentElement.nextElementSibling.querySelector(".reportDocumentation")),r){var i,a=null===(i=r.getAttribute("data-content"))||void 0===i?void 0:i.trim();a&&a.length&&(e.actualInlineHelp="<p>".concat(a,"</p>"),setTimeout((function(){return r.remove()}),0))}}var o;e.actualFeatureName||(e.actualFeatureName=null===(o=t.querySelector(".title"))||void 0===o?void 0:o.textContent);if(S.period&&S.currentDateString){var l=p.parse(S.period,S.currentDateString);e.reportGenerated&&l.containsToday()&&window.$(t.querySelector(".report-generated")).tooltip({track:!0,content:e.reportGenerated,items:"div",show:!1,hide:!1})}}))}});Un.render=_n;var qn=Un,Wn=(kt({component:qn,scope:{helpUrl:{angularJsBind:"@"},editUrl:{angularJsBind:"@"},reportGenerated:{angularJsBind:"@?"},featureName:{angularJsBind:"@"},inlineHelp:{angularJsBind:"@?"}},directiveName:"piwikEnrichedHeadline",transclude:!0}),{class:"card",ref:"root"}),Jn={class:"card-content"},Gn={key:0,class:"card-title"},zn={key:1,class:"card-title"},Yn={ref:"content"};
+ */function $n(e,t){return Object(a["defineAsyncComponent"])((function(){return new Promise((function(n){window.$(document).ready((function(){window[e]?n(window[e][t]):n(null)}))}))}))}var Hn=$n("Feedback","RateFeature"),Un=Object(a["defineComponent"])({props:{helpUrl:{type:String,default:""},editUrl:{type:String,default:""},reportGenerated:String,featureName:String,inlineHelp:String},components:{RateFeature:Hn},data:function(){return{showIcons:!1,showInlineHelp:!1,actualFeatureName:this.featureName,actualInlineHelp:this.inlineHelp}},watch:{inlineHelp:function(e){this.actualInlineHelp=e},featureName:function(e){this.actualFeatureName=e}},mounted:function(){var e=this,t=this.$refs.root;setTimeout((function(){if(!e.actualInlineHelp){var n,r=t.querySelector(".title .inlineHelp");if(!r&&null!==(n=t.parentElement)&&void 0!==n&&n.nextElementSibling&&(r=t.parentElement.nextElementSibling.querySelector(".reportDocumentation")),r){var i,a=null===(i=r.getAttribute("data-content"))||void 0===i?void 0:i.trim();a&&a.length&&(e.actualInlineHelp="<p>".concat(a,"</p>"),setTimeout((function(){return r.remove()}),0))}}var o;e.actualFeatureName||(e.actualFeatureName=null===(o=t.querySelector(".title"))||void 0===o?void 0:o.textContent);if(S.period&&S.currentDateString){var l=p.parse(S.period,S.currentDateString);e.reportGenerated&&l.containsToday()&&window.$(t.querySelector(".report-generated")).tooltip({track:!0,content:e.reportGenerated,items:"div",show:!1,hide:!1})}}))},methods:{htmlEntities:function(e){return S.helper.htmlEntities(e)}}});Un.render=_n;var qn=Un,Wn=(kt({component:qn,scope:{helpUrl:{angularJsBind:"@"},editUrl:{angularJsBind:"@"},reportGenerated:{angularJsBind:"@?"},featureName:{angularJsBind:"@"},inlineHelp:{angularJsBind:"@?"}},directiveName:"piwikEnrichedHeadline",transclude:!0}),{class:"card",ref:"root"}),Jn={class:"card-content"},Gn={key:0,class:"card-title"},zn={key:1,class:"card-title"},Yn={ref:"content"};
 /*!
  * Matomo - free/libre analytics platform
  *
diff --git a/plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue b/plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue
index c83ee915fa..cf827bea5f 100644
--- a/plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue
+++ b/plugins/CoreHome/vue/src/EnrichedHeadline/EnrichedHeadline.vue
@@ -22,7 +22,7 @@
       v-if="editUrl"
       class="title"
       :href="editUrl"
-      :title="translate('CoreHome_ClickToEditX', $sanitize(actualFeatureName))"
+      :title="translate('CoreHome_ClickToEditX', htmlEntities(actualFeatureName))"
     >
       <slot />
     </a>
@@ -200,5 +200,10 @@ export default defineComponent({
       }
     });
   },
+  methods: {
+    htmlEntities(v: string) {
+      return Matomo.helper.htmlEntities(v);
+    },
+  },
 });
 </script>
author	Stefan Giehl <stefan@matomo.org>	2022-07-14 10:40:11 +0300
committer	GitHub <noreply@github.com>	2022-07-14 10:40:11 +0300
commit	392ef0bb0f2a05999813d743d070c34ac5d017f9 (patch)
tree	6fbc3516ba506d0b63ba96f96edab144a3cb7ade /plugins/CoreHome/vue
parent	aa9425ff2b20a43004576183425047c3fa21d2ad (diff)