Bug #81806

Unescaped value in FormEngine.removeOption selector query

Added by Pierrick Caillon over 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Category: FormEngine aka TCEforms
Target version: -
Start date: 2017-07-05
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 7
PHP Version: 5.6
Tags: JavaScript
Complexity: easy
Is Regression:
Sprint Focus: On Location Sprint

Description

I have a form field whose values come from a list of subscribed classes for some roles.

The flexform TCA for this form field looks like this:

<providers>
    <TCEforms>
        <label>LLL:EXT:my_ext/Resources/Private/Language/locallang.xlf:flexform.sheets.general.providers</label>
        <config>
            <type>select</type>
            <itemsProcFunc>Vendor\MyExt\Flexform\Helper-&gt;renderProviderList</itemsProcFunc>
            <maxitems>100</maxitems>
            <size>4</size>
        </config>
    </TCEforms>
</providers>

The computed items list looks like:

[
    [ 'First provider', 'Vendor\\MyExt\\FirstProvider' ],
    [ 'Second provider', 'Vendor\\MyExt\\SecondProvider' ]
]

Manipulating the form element does not work well.

The issue is that removing an element from the selected box is not working. After step-by-step debugging, it looks like the value $(this).attr('value') needs selector string escaping on line 569 of EXT:backend/Resources/Public/JavaScript/FormEngine.js.

Also affects 8 LTS. The affected code portion is the same, only one line down.
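
Why a class name containing backslashes breaks the lookup, as an added example that is not part of the original report and not TYPO3 code. It models how a CSS parser decodes the quoted string in an attribute selector, assuming the lookup has the shape option[value="..."]; the function names are hypothetical.

```javascript
// Added example, not TYPO3 code. Models how a CSS parser reads the quoted
// value in an attribute selector such as option[value="..."] (assumed shape).

// Decode CSS escapes in a quoted string (CSS Syntax Level 3 escape rules).
function cssStringValue(raw) {
  let out = '';
  for (let i = 0; i < raw.length; i++) {
    if (raw[i] !== '\\') { out += raw[i]; continue; }
    const hex = /^[0-9a-fA-F]{1,6}/.exec(raw.slice(i + 1));
    if (hex) {
      // "\" + 1-6 hex digits is a code point escape, e.g. "\F" is U+000F.
      const cp = parseInt(hex[0], 16);
      const bad = cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      out += bad ? '\uFFFD' : String.fromCodePoint(cp);
      i += hex[0].length;
      if (/[ \t\n\r\f]/.test(raw[i + 1] || '')) i++; // one whitespace ends it
    } else if (raw[i + 1] === '\n') {
      i++; // backslash-newline is a line continuation
    } else if (i + 1 < raw.length) {
      out += raw[++i]; // "\M" is just "M": the backslash is dropped
    }
  }
  return out;
}

// Escape a value for use inside a double-quoted attribute selector string.
function escapeForQuotedAttr(value) {
  return value
    .replace(/["\\]/g, '\\$&') // existing backslashes and quotes first
    .replace(/[\n\r\f]/g, (c) => '\\' + c.charCodeAt(0).toString(16) + ' ');
}

// True when option[value="<selectorText>"] would match this option value.
function selectorMatches(selectorText, optionValue) {
  return cssStringValue(selectorText) === optionValue;
}

// Item values from the report (JS literals, so each "\\" is one backslash).
const values = ['Vendor\\MyExt\\FirstProvider', 'Vendor\\MyExt\\SecondProvider'];
for (const v of values) {
  console.log(JSON.stringify(cssStringValue(v)),  // what the raw value selects
    selectorMatches(v, v),                        // unescaped: no match
    selectorMatches(escapeForQuotedAttr(v), v));  // escaped: match
}
```

In a browser, CSS.escape() or, from jQuery 3.0, jQuery.escapeSelector() performs this escaping.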
