[FIX] website_form: prevent crashing while parsing python dict in JS

__Description of the issue:__ - The `replace` method in JS only replace the first occurrence of a string (unless `g` flag is used in the regex) - There could be an apostrophe (`‘`) in a string value which would be replaced by a quote (`“`) - There could be “None”, “False” in a string value which would be replaced too - “True” is not taken into account __Description of the fix:__ Those regex are meant to deal with more edge cases when transforming a python dict to a JSON in JS. However there are still ways it could go wrong. For the forward port in master, it could be a good idea to consider converting dictionnaries directly in the backend using the `json` python library. __Steps to reproduce the issue:__ 1. Edit the view `website_form.contactus_form` (If `website_crm` is installed, either uninstall it or disable the `website_crm.contactus_form` view) 2. At line 4, change the attribute `t-att-data-values` to a more complicated dict like: ``` "{'email_to': res_company.email, 'name': 'Alice True', 'age': None, 'active': True, 'attr1': None , 'attr2': False , 'attr3': 'let\'s go'}" ``` 3. Go to `/contactus` on the website ↳ Traceback opw-3328690 task-3340946 closes odoo/odoo#124975 Signed-off-by: Romain Derie (rde) <rde@odoo.com>

[FIX] website_form: prevent crashing while parsing python dict in JS
d6351108 · Julien (jula) · add78c90 · d6351108
Commit d6351108 authored 1 year ago by Julien (jula)
--- a/addons/website_form/static/src/snippets/s_website_form/000.js
+++ b/addons/website_form/static/src/snippets/s_website_form/000.js
@@ -65,7 +65,16 @@ odoo.define('website_form.s_website_form', function (require) {
            // Because, using t-att- inside form make it non-editable
            var $values = $('[data-for=' + this.$target.attr('id') + ']');
            if ($values.length) {
-                var values = JSON.parse($values.data('values').replace('False', '""').replace('None', '""').replace(/'/g, '"'));
+                const values = JSON.parse($values.data('values')
+                    // replaces `True` by `true` if they are after `,` or `:` or `[`
+                    .replace(/([,:\[]\s*)True/g, '$1true')
+                    // replaces `False` and `None` by `""` if they are after `,` or `:` or `[`
+                    .replace(/([,:\[]\s*)(False|None)/g, '$1""')
+                    // replaces the `'` by `"` if they are before `,` or `:` or `]` or `}`
+                    .replace(/'(\s*[,:\]}])/g, '"$1')
+                    // replaces the `'` by `"` if they are after `{` or `[` or `,` or `:`
+                    .replace(/([{\[:,]\s*)'/g, '$1"')
+                );
                var fields = _.pluck(this.$target.serializeArray(), 'name');
                _.each(fields, function (field) {
                    if (_.has(values, field)) {