odoo/odoo#70004
Created by Framework (ORM), Xavier Morel (xmo)
Merged at 80b27a672f49bee9db4d3ce05036579cde6ef9ed

Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Overridden by @xmo-odoo

Linked pull requests

- label: odoo-dev:master-markupsafe-js-xmo
- head: 11da0fd967676141adaf653d2c64783316f69b1c
- merged: 4 years ago by Framework (ORM), Xavier Morel (xmo)

| | odoo/odoo | odoo/enterprise |
|---|---|---|
| master | #70004 | #18005 |

[MERGE] *: deprecate and replace non-owl t-raw
non-owl JS-side of #68072:
- deprecates `t-raw`
- adds a `t-out` which `t-esc` aliases and which "does the right thing"
- introduces a `Markup` function / object which is considered markup-safe by t-out (thus left unescaped)
  - unlike the python version, most of the override hooks (e.g. concatenation, formatting, ...) are not available in JS, we might eventually want to override some of the action methods (e.g. replace) but so far the needs seemed pretty limited
  - and javascript pretty strongly differentiates between a string (primitive) and a String (object), the latter being what Markup gets
  - so various constructs which can return a Markup in Python can't really afford to in JS: I tried with QWeb and e.g. jquery really does not deal well with non-primitive strings, as a result
    - `_.escape` is shimmed to understand `Markup` objects but will not return markup objects when escaping strings
    - `sprintf` (the one from web.utils) was updated for Markup-awareness for convenience though
  - and `Markup` can be used as a template tag, in which case it will automatically escape the substitutions
- removed `messageIsHtml` from the non-owl notifications, replaced by the message being a markup object
- updated Dialog to work the same way (it did not even have a flag), removed explicit escaping from most of the callsites (only found one where we actually leveraged dialog titles being markup)
- modified the kanban view so HTML non-raw values automatically get wrapped in Markup
 
Also moved some formatting from the server to the client, either removing the need to inject markup entirely or making the use of Markup much cleaner than just "mark whatever the server returned as safe".
There are a few things I'm not entirely sure about e.g. whether even using markup is necessary for formatMonetary, doesn't the "unicode" NBSP work fine in HTML? Though we may need to keep forceString to ensure something like ascii-compatibility.
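
The behaviour described in the commit message above (a markup-safe `String` object, an escape function that understands it but returns primitives, and template-tag use that escapes substitutions), as an added sketch that is not Odoo's implementation. `MarkupString`, `escapeHtml` and `tOut` are hypothetical names, the sample input is constructed, and the last case shows that plain concatenation yields a primitive string, which is then escaped as a whole.

```javascript
// Sketch only: MarkupString, escapeHtml and tOut are hypothetical names, not Odoo's API.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// A String *object* subclass: being an instance of it is the "already safe" marker.
class MarkupString extends String {}

// Escapes untrusted values and passes markup through unchanged.
// Always returns a primitive string, never a MarkupString.
function escapeHtml(value) {
  if (value instanceof MarkupString) return value.toString();
  return String(value ?? "").replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Usable as Markup(str) or as a template tag: Markup`<p>${x}</p>`.
// As a tag, every substitution goes through escapeHtml; literal parts are trusted.
function Markup(first, ...subs) {
  const isTag = Array.isArray(first) && Array.isArray(first.raw);
  const text = isTag
    ? first.reduce((out, literal, i) => out + escapeHtml(subs[i - 1]) + literal)
    : String(first);
  return new MarkupString(text);
}

// t-out-like output: escape by default, leave markup objects unescaped.
function tOut(value) {
  return escapeHtml(value);
}

function demo() {
  const name = '<b>Bob</b> & "co"'; // constructed untrusted input
  return {
    plain: tOut(name),                                      // escaped
    tagged: tOut(Markup`<p>Hello ${name}</p>`),             // only the substitution is escaped
    nested: tOut(Markup`<li>${Markup("<em>ok</em>")}</li>`), // markup substitution kept as-is
    concat: tOut(Markup("<b>hi</b>") + name),               // "+" gives a primitive: all escaped
    kind: typeof Markup("<br>"),                            // "object", not "string"
  };
}

console.log(demo());
```
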