[FIX] Report: html escape the error json string
session.get_file appends the json to the body of the generated iframe and then tries to json.parse it by reading contentNode on the body. Exceptions from `report_download` method may contain `<` and `>`, so when json.parse tries to json.parse the contentNode, it reads only a part of the original json string. htmlescaping the json string solves the issue by preventing the content of the json string to be interpreted as html.
This commit is contained in:
parent
80bb4422be
commit
08604812d8
|
@ -22,6 +22,7 @@
|
|||
from openerp.addons.web.http import Controller, route, request
|
||||
from openerp.addons.web.controllers.main import _serialize_exception
|
||||
from openerp.osv import osv
|
||||
from openerp.tools import html_escape
|
||||
|
||||
import simplejson
|
||||
from werkzeug import exceptions, url_decode
|
||||
|
@ -137,7 +138,7 @@ class ReportController(Controller):
|
|||
'message': "Odoo Server Error",
|
||||
'data': se
|
||||
}
|
||||
return request.make_response(simplejson.dumps(error))
|
||||
return request.make_response(html_escape(simplejson.dumps(error)))
|
||||
|
||||
@route(['/report/check_wkhtmltopdf'], type='json', auth="user")
|
||||
def check_wkhtmltopdf(self):
|
||||
|
|
Loading…
Reference in New Issue