[FIX] pad: very bad conception that produced html injection that produced a lot of...
authorniv-openerp <nicolas.vanhoren@openerp.com>
Tue, 20 Nov 2012 15:51:55 +0000 (16:51 +0100)
committerniv-openerp <nicolas.vanhoren@openerp.com>
Tue, 20 Nov 2012 15:51:55 +0000 (16:51 +0100)
bzr revid: nicolas.vanhoren@openerp.com-20121120155155-y1wd0px4trljf453

addons/pad/static/src/js/pad.js

index 929d626..9e1b73e 100644 (file)
@@ -37,7 +37,10 @@ openerp.pad = function(instance) {
                 }else{
                     this.content = '<div class="oe_pad_loading">... Loading pad ...</div>';
                     $.get(value+'/export/html').success(function(data){
-                        self.$('.oe_pad_content').html('<div class="oe_pad_readonly">'+data+'<div>');
+                        groups = /\<\s*body\s*\>(.*?)\<\s*\/body\s*\>/.exec(data);
+                        data = (groups || []).length >= 2 ? groups[1] : '';
+                        self.$('.oe_pad_content').html('<div class="oe_pad_readonly"><div>');
+                        self.$('.oe_pad_readonly').html(data);
                     }).error(function(){
                         self.$('.oe_pad_content').text('Unable to load pad');
                     });
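Review bot: The body captured in `groups[1]` is still passed to `.html(data)`, so any active markup in the pad export (script elements, event-handler attributes) is still interpreted in the client page; if pad content is not fully trusted it needs sanitising against an allow-list of tags and attributes before insertion. The regex uses `.`, which does not match line terminators, and accepts only a bare `<body>` tag, so a multi-line export or a body tag carrying attributes falls through to `''` and the pad renders blank. `groups` is also assigned without `var`, which makes it an implicit global. Suggested line: `var groups = /<\s*body[^>]*>([\s\S]*?)<\s*\/body\s*>/i.exec(data);`. The enclosing function starts and ends outside the hunk.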