From 401dcbd24bde818c8d29152e1d8796208531e71e Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lievremont
Date: Wed, 22 Oct 2014 10:49:32 +0200
Subject: [PATCH] SONAR-5758 Use CSV escaping to send custom rule parameters
---
 server/sonar-web/Gruntfile.coffee | 2 ++
 .../views/coding-rules-custom-rule-creation-view.coffee | 2 +-
 server/sonar-web/src/main/js/csv.js | 8 ++++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 server/sonar-web/src/main/js/csv.js
diff --git a/server/sonar-web/Gruntfile.coffee b/server/sonar-web/Gruntfile.coffee
index 5cef7cbd1dc..c7453a8d1f3 100644
--- a/server/sonar-web/Gruntfile.coffee
+++ b/server/sonar-web/Gruntfile.coffee
@@ -98,6 +98,7 @@ module.exports = (grunt) ->
 '<%= pkg.assets %>js/common/inputs.js'
 '<%= pkg.assets %>js/common/dialogs.js'
 '<%= pkg.assets %>js/application.js'
+ '<%= pkg.assets %>js/csv.js'
 '<%= pkg.assets %>js/dashboard.js'
 '<%= pkg.assets %>js/duplication.js'
 '<%= pkg.assets %>js/resource.js'
@@ -131,6 +132,7 @@ module.exports = (grunt) ->
 '<%= pkg.assets %>js/common/inputs.js'
 '<%= pkg.assets %>js/common/dialogs.js'
 '<%= pkg.assets %>js/application.js'
+ '<%= pkg.assets %>js/csv.js'
 '<%= pkg.assets %>js/dashboard.js'
 '<%= pkg.assets %>js/duplication.js'
 '<%= pkg.assets %>js/resource.js'
diff --git a/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee b/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
index 4728cb45e5b..1ba1dd04288 100644
--- a/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
+++ b/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
@@ -74,7 +74,7 @@ define [
 value = node.prop('placeholder') || ''
 key: node.prop('name'), value: value).get()
- postData.params = (params.map (param) -> param.key + '=' + param.value).join(';')
+ postData.params = (params.map (param) -> param.key + '=' + window.csvEscape(param.value)).join(';')
 @sendRequest(action, postData)
diff --git a/server/sonar-web/src/main/js/csv.js b/server/sonar-web/src/main/js/csv.js
new file mode 100644
index 00000000000..fcca34e796b
--- /dev/null
+++ b/server/sonar-web/src/main/js/csv.js
@@ -0,0 +1,8 @@
+(function() {
+
+ window.csvEscape = function(value) {
+ var escaped = value.replace(/"/g, '\\"');
+ return '"' + escaped + '"';
+ };
+
+})();
--
2.39.5
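Review bot: Only `param.value` goes through `window.csvEscape` on the new `postData.params` line; `param.key` is still concatenated raw, and nothing in this patch shows the server decoding the quoted form. Keys come from `node.prop('name')`, presumably fixed by the template, so the residual risk looks small, but the receiving endpoint still has to parse and validate the pairs itself because this escaping is only a client-side encoding. A comment above the line would record the intent, for example `# values are quoted with csvEscape so ';' and '=' inside a value cannot split the params list`. The enclosing function starts and ends outside the hunk.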
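Review bot: `csvEscape` backslash-escapes `"` but leaves an existing `\` in the value untouched, so a value ending in a backslash is emitted as `"...\"`, and a parser that honours backslash escapes would treat the closing quote as data and read on into the next `;`-separated parameter. Escaping the backslash first closes that gap, e.g. `var escaped = String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"');`, assuming the server-side decoder (not visible in this patch) unescapes `\\`; if it follows RFC 4180 it would expect `""` doubling instead. The `String(value)` coercion also avoids a TypeError when a caller passes a non-string. A short comment on the function naming the decoder it must stay in sync with would make the convention checkable.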