DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-13 06:47:46 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Merge pull request #10918 from uberbrady/bs_tables_export_without_html_master

Browse source 
This disables the display of HTML content during exports (cherry-picked for master)
This commit is contained in:
snipe 2022-04-07 16:44:21 +01:00 committed by GitHub
parent 4b255ada70 4db7cb0e21
commit 0cb4caa4cf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
resources/views/partials/bootstrap-table.blade.php
View file

@ -32,9 +32,16 @@
$('.snipe-table').bootstrapTable('destroy').each(function () { $('.snipe-table').bootstrapTable('destroy').each(function () {
data_export_options = $(this).attr('data-export-options'); data_export_options = $(this).attr('data-export-options');
export_options = data_export_options? JSON.parse(data_export_options): {}; export_options = data_export_options ? JSON.parse(data_export_options) : {};
export_options['htmlContent'] = true; //always enforce this on the given data-export-options (to prevent XSS) export_options['htmlContent'] = false; // this is already the default; but let's be explicit about it
// the following callback method is necessary to prevent XSS vulnerabilities
// (this is taken from Bootstrap Tables's default wrapper around jQuery Table Export)
export_options['onCellHtmlData'] = function (cell, rowIndex, colIndex, htmlData) {
if (cell.is('th')) {
return cell.find('.th-inner').text()
}
return htmlData
}
$(this).bootstrapTable({ $(this).bootstrapTable({
classes: 'table table-responsive table-no-bordered', classes: 'table table-responsive table-no-bordered',
ajaxOptions: { ajaxOptions: {