[FIX] Report: html escape the error json string

session.get_file appends the json to the body of the generated iframe and
then tries to json.parse it by reading contentNode on the body.
Exceptions from the `report_download` method may contain `<` and `>`, so when
session.get_file tries to json.parse the contentNode, it reads only a part of
the original json string. HTML-escaping the json string solves the issue
by preventing the content of the json string from being interpreted as html.
Simon Lejeune 2014-12-12 15:22:33 +01:00
parent 80bb4422be
commit 08604812d8
1 changed files with 2 additions and 1 deletions


@ -22,6 +22,7 @@
from openerp.addons.web.http import Controller, route, request
from openerp.addons.web.controllers.main import _serialize_exception
from openerp.osv import osv
from openerp.tools import html_escape
import simplejson
from werkzeug import exceptions, url_decode
@ -137,7 +138,7 @@ class ReportController(Controller):
'message': "Odoo Server Error",
'data': se
}
return request.make_response(simplejson.dumps(error))
return request.make_response(html_escape(simplejson.dumps(error)))
@route(['/report/check_wkhtmltopdf'], type='json', auth="user")
def check_wkhtmltopdf(self):
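Review bot: The new `return request.make_response(html_escape(simplejson.dumps(error)))` line carries no comment saying why a JSON body is HTML-escaped, so a later cleanup could drop the call and bring back both the truncated parse and the rendering of exception text as markup inside the download iframe. I would add above it `# The client reads this body back from an iframe's DOM, so the JSON must be HTML-escaped or exception text containing < and > is parsed as markup.` Any caller that reads the raw response rather than the iframe's text content would now receive entity-encoded JSON; that looks intended given the commit message but is worth confirming. The enclosing handler starts outside the hunk, so only this error path is visible here.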