1001851 – [fr_FR][Admin Portal] Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane.

Bug 1001851 - [fr_FR][Admin Portal] Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane.

Summary: [fr_FR][Admin Portal] Garbage string displayed in the tooltips of '#path' col...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-webadmin-portal
Sub Component:
Version:	3.3.0
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.3.0
Assignee:	Alexander Wels
QA Contact:	Yuko Katabami
Docs Contact:
URL:
Whiteboard:	ux
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-28 01:08 UTC by Lijun Li
Modified:	2015-09-22 13:09 UTC (History)
CC List:	11 users (show)
Fixed In Version:	is15
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-21 22:15:13 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane (65.29 KB, image/png) 2013-08-28 01:10 UTC, Lijun Li	no flags	Details
fr_vm_uptime_unescaped (13.35 KB, image/png) 2013-09-10 19:47 UTC, Daniel Erez	no flags	Details
fr_vm_uptime_escaped (13.35 KB, image/png) 2013-09-10 19:48 UTC, Daniel Erez	no flags	Details
en_vm_nics_drops_escaped (16.56 KB, image/png) 2013-09-10 19:49 UTC, Daniel Erez	no flags	Details
en_vm_nics_drops_unescaped (16.09 KB, image/png) 2013-09-10 19:51 UTC, Daniel Erez	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	19018	0	None	None	None	Never

Description Lijun Li 2013-08-28 01:08:31 UTC

Description of problem:
[fr_FR][Admin Portal] Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane.

Version-Release number of selected component (if applicable):
rhevm-3.3.0-0.16.master.el6ev.noarch.rpm
rhevm-webadmin-portal-3.3.0-0.16.master.el6ev.noarch.rpm

How reproducible:
100%

Steps to Reproduce:
1. Login web admin portal.
2. Click Storage tab
3. Select a iSCSI daomain from the list and Edit button.
4. Click Targets>LUNs and click + under the Target Name in Edit Domain dialog.
5. Move over to the #path column name and check the tooltips.


Actual results:
Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane.


Expected results:
The '#path' tooltips should be displayed as normally.

Additional info:
Please refer to the attached screen shot for more details.

Comment 1 Lijun Li 2013-08-28 01:10:12 UTC

Created attachment 791209 [details]
Garbage string displayed in the tooltips of '#path' column name in 'Edit Domain' -> 'Targets>LUNs' pane

Comment 2 Allon Mureinik 2013-08-28 06:18:06 UTC

&#39; is the HTML code for a single quote, which came from the "d'acees"

Comment 3 Daniel Erez 2013-08-28 07:02:05 UTC

(In reply to Allon Mureinik from comment #2)
> &#39; is the HTML code for a single quote, which came from the "d'acees"

Indeed, looks like an issue with tool-tips rendering. The text should be HTML sanitized/escaped (e.g. using SafeHtmlUtils) when setting the title - probably around AbstractModelBoundPopupView -> setTitle().

Comment 4 Alexander Wels 2013-09-04 17:17:18 UTC

I think the problem is not that the string is not escaped, I think the problem is that the string is double escaped.

So the original "d`acees" is first escaped into "d&#39;acees", which is then escaped again and turned into "d&amp;#39;acees". Which is displayed as in the screen shot. Since I don't have an iSCSI capable domain, it is sort of hard for me to reproduce the issue and verify that I fixed it.

I found the location where the escaping is happening, but I need some way of testing and verifying before being able to submit a patch.

Comment 5 Daniel Erez 2013-09-07 17:02:41 UTC

Upload the patch and I'll verify it.

Comment 6 Alexander Wels 2013-09-09 13:43:23 UTC

Daniel,

I uploaded the patch that I *think* will fix the issue, let me know.

Comment 7 Daniel Erez 2013-09-10 19:46:06 UTC

(In reply to Alexander Wels from comment #6)
> Daniel,
> 
> I uploaded the patch that I *think* will fix the issue, let me know.

Still doesn't work... I think we can just unescape (completely) tooltips text.
By that, we could prevent tooltips with escaped characters/html tags (unrendered).
It should be safe since browsers natively render title attributes as string.
[see attached screenshots for more problematic toll-tips examples]

Uploaded a new patch with the proposed solution: http://gerrit.ovirt.org/#/c/19018/2

Comment 8 Daniel Erez 2013-09-10 19:47:36 UTC

Created attachment 796123 [details]
fr_vm_uptime_unescaped

Comment 9 Daniel Erez 2013-09-10 19:48:24 UTC

Created attachment 796124 [details]
fr_vm_uptime_escaped

Comment 10 Daniel Erez 2013-09-10 19:49:56 UTC

Created attachment 796125 [details]
en_vm_nics_drops_escaped

Comment 11 Daniel Erez 2013-09-10 19:51:12 UTC

Created attachment 796126 [details]
en_vm_nics_drops_unescaped

Comment 13 Itamar Heim 2014-01-21 22:15:13 UTC

Closing - RHEV 3.3 Released

Comment 14 Itamar Heim 2014-01-21 22:22:33 UTC

Closing - RHEV 3.3 Released

Note You need to log in before you can comment on or make changes to this bug.