From c14c760033864a8a3dabfcd13983e1dbbcaae46e Mon Sep 17 00:00:00 2001 From: Jordan Mock <97684487+slothmock@users.noreply.github.com> Date: Wed, 23 Apr 2025 14:05:21 +0100 Subject: [PATCH 1/2] Fix #13272 - missing 'ng-bind' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR fixes issue #13272 where supplier and product names containing HTML character entities (e.g. ã) were rendered as raw text on the /admin/inventory page. For example, a supplier name intended to appear as: Pãtes du Contentin would incorrectly display as: Pãtes du Contentin Cause: AngularJS’s {{ ... }} interpolation inserts raw strings into the DOM without decoding HTML entities. --- .../admin/panels/exchange_products_distributed.html.haml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml b/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml index a51c9c0631..a05479f892 100644 --- a/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml +++ b/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml @@ -15,9 +15,9 @@ .exchange-product{'ng-repeat' => 'product in enterprises[exchange.enterprise_id].supplied_products | filter:visibleProducts:exchange:order_cycle.visible_variants_for_outgoing_exchanges' } .exchange-product-details %label - %img{'ng-src' => '{{ product.image_url }}'} - .name {{ product.name }} - .supplier {{ product.supplier_name }} + %img{'ng-src' => '{{ product.image_url }}'} + .name {{ 'ng-bind' => product.name }} + .supplier {{ 'ng-bind' => product.supplier_name }} .exchange-product-variant{'ng-repeat' => 'variant in product.variants | visibleVariants:exchange:order_cycle.visible_variants_for_outgoing_exchanges | filter:variantSuppliedToOrderCycle as filteredVariants'} %label From b56411145cbad40d0d6bca52fc61af5617cb3cd9 Mon Sep 17 00:00:00 2001 From: Jordan 'sloth' Mock Date: Thu, 24 Apr 2025 13:05:40 +0100 Subject: [PATCH 2/2] Incorrect place for origianl fix. Thanks to Blane W for pointint out the correct line. --- .../admin/panels/exchange_products_distributed.html.haml | 4 ++-- .../admin/variant_overrides/_products_variants.html.haml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml b/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml index a05479f892..fcb438653c 100644 --- a/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml +++ b/app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml @@ -16,8 +16,8 @@ .exchange-product-details %label %img{'ng-src' => '{{ product.image_url }}'} - .name {{ 'ng-bind' => product.name }} - .supplier {{ 'ng-bind' => product.supplier_name }} + .name {{ product.name }} + .supplier {{ product.supplier_name }} .exchange-product-variant{'ng-repeat' => 'variant in product.variants | visibleVariants:exchange:order_cycle.visible_variants_for_outgoing_exchanges | filter:variantSuppliedToOrderCycle as filteredVariants'} %label diff --git a/app/views/admin/variant_overrides/_products_variants.html.haml b/app/views/admin/variant_overrides/_products_variants.html.haml index c924044c9b..206d916bfc 100644 --- a/app/views/admin/variant_overrides/_products_variants.html.haml +++ b/app/views/admin/variant_overrides/_products_variants.html.haml @@ -1,5 +1,5 @@ %tr.variant{ id: "v_{{variant.id}}", "ng-repeat": 'variant in product.variants | inventoryVariants:hub_id:views' } - %td.producer{ "ng-show": 'columns.producer.visible', "ng-bind": '::producersByID[variant.producer_id].name' } + %td.producer{ "ng-show": 'columns.producer.visible', "ng-bind-html": '::producersByID[variant.producer_id].name' } %td.product{ "ng-show": 'columns.product.visible' } %span{ "ng-bind": '::variant.display_name || ""' } .variant-override-unit{ "ng-bind": '::variant.unit_to_display' }