Skip to content
Snippets Groups Projects
Commit 5360e10d authored by Julien (jula)'s avatar Julien (jula)
Browse files

[FIX] website_form: prevent crashing while parsing python dict in JS


__Description of the issue:__
- The `replace` method in JS only replace the first occurrence of a
string (unless `g` flag is used in the regex)
- There could be an apostrophe (`‘`) in a string value which would be
replaced by a quote (`“`)
- There could be “None”, “False” in a string value which would be
replaced too
- “True” is not taken into account

__Description of the fix:__
Those regex are meant to deal with more edge cases when transforming a
python dict to a JSON in JS. However there are still ways it could go
wrong. For the forward port in master, it could be a good idea to
consider converting dictionnaries directly in the backend using the
`json` python library.

__Steps to reproduce the issue:__
1. Edit the view `website.contactus`
(If `website_crm` is installed, either uninstall it or disable the
`website_crm.contactus_form` view)
2. At line 5, change the attribute `t-att-data-values` to a more
complicated dict like:
```
"{'email_to': res_company.email, 'name': 'Alice True', 'age': None, 'active': True, 'attr1': None , 'attr2': False , 'attr3': 'let\'s go'}"
```
3. Go to `/contactus` on the website
↳ Traceback

opw-3328690
task-3340946

closes odoo/odoo#128021

X-original-commit: d6351108
Signed-off-by: default avatarRomain Derie (rde) <rde@odoo.com>
parent 8221bef0
No related branches found
No related tags found
No related merge requests found
......@@ -132,9 +132,14 @@ odoo.define('website.s_website_form', function (require) {
if (dataForEl || Object.keys(this.preFillValues).length) {
const dataForValues = dataForEl ?
JSON.parse(dataForEl.dataset.values
.replace('False', '""')
.replace('None', '""')
.replace(/'/g, '"')
// replaces `True` by `true` if they are after `,` or `:` or `[`
.replace(/([,:\[]\s*)True/g, '$1true')
// replaces `False` and `None` by `""` if they are after `,` or `:` or `[`
.replace(/([,:\[]\s*)(False|None)/g, '$1""')
// replaces the `'` by `"` if they are before `,` or `:` or `]` or `}`
.replace(/'(\s*[,:\]}])/g, '"$1')
// replaces the `'` by `"` if they are after `{` or `[` or `,` or `:`
.replace(/([{\[:,]\s*)'/g, '$1"')
) : {};
const fieldNames = this.$target.serializeArray().map(el => el.name);
// All types of inputs do not have a value property (eg:hidden),
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment