SONAR-5758 Use CSV escaping to send custom rule parameters

author: Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com> 2014-10-22 10:49:32 +0200
committer: Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com> 2014-10-22 11:04:28 +0200
commit: 401dcbd24bde818c8d29152e1d8796208531e71e (patch)
tree: 078db1d13deb194816cbc8f9081c50efaec3db17
parent: 63cdfde62aef9741ff58214ef6c149fa32c6dbb4 (diff)
download: sonarqube-401dcbd24bde818c8d29152e1d8796208531e71e.tar.gz
sonarqube-401dcbd24bde818c8d29152e1d8796208531e71e.zip
3 files changed, 11 insertions, 1 deletions
diff --git a/server/sonar-web/Gruntfile.coffee b/server/sonar-web/Gruntfile.coffee
index 5cef7cbd1dc..c7453a8d1f3 100644
--- a/server/sonar-web/Gruntfile.coffee
+++ b/server/sonar-web/Gruntfile.coffee
@@ -98,6 +98,7 @@ module.exports = (grunt) ->
             '<%= pkg.assets %>js/common/inputs.js'
             '<%= pkg.assets %>js/common/dialogs.js'
             '<%= pkg.assets %>js/application.js'
+            '<%= pkg.assets %>js/csv.js'
             '<%= pkg.assets %>js/dashboard.js'
             '<%= pkg.assets %>js/duplication.js'
             '<%= pkg.assets %>js/resource.js'
@@ -131,6 +132,7 @@ module.exports = (grunt) ->
             '<%= pkg.assets %>js/common/inputs.js'
             '<%= pkg.assets %>js/common/dialogs.js'
             '<%= pkg.assets %>js/application.js'
+            '<%= pkg.assets %>js/csv.js'
             '<%= pkg.assets %>js/dashboard.js'
             '<%= pkg.assets %>js/duplication.js'
             '<%= pkg.assets %>js/resource.js'
diff --git a/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee b/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
index 4728cb45e5b..1ba1dd04288 100644
--- a/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
+++ b/server/sonar-web/src/main/coffee/coding-rules/views/coding-rules-custom-rule-creation-view.coffee
@@ -74,7 +74,7 @@ define [
           value = node.prop('placeholder') || ''
         key: node.prop('name'), value: value).get()
 
-      postData.params = (params.map (param) -> param.key + '=' + param.value).join(';')
+      postData.params = (params.map (param) -> param.key + '=' + window.csvEscape(param.value)).join(';')
       @sendRequest(action, postData)
 
 
diff --git a/server/sonar-web/src/main/js/csv.js b/server/sonar-web/src/main/js/csv.js
new file mode 100644
index 00000000000..fcca34e796b
--- /dev/null
+++ b/server/sonar-web/src/main/js/csv.js
@@ -0,0 +1,8 @@
+(function() {
+
+  window.csvEscape = function(value) {
+    var escaped = value.replace(/"/g, '\\"');
+    return '"' + escaped + '"';
+  };
+
+})();
author	Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>	2014-10-22 10:49:32 +0200
committer	Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>	2014-10-22 11:04:28 +0200
commit	401dcbd24bde818c8d29152e1d8796208531e71e (patch)
tree	078db1d13deb194816cbc8f9081c50efaec3db17
parent	63cdfde62aef9741ff58214ef6c149fa32c6dbb4 (diff)
download	sonarqube-401dcbd24bde818c8d29152e1d8796208531e71e.tar.gz sonarqube-401dcbd24bde818c8d29152e1d8796208531e71e.zip