Fix wrong target for submit buttons in js s3file.js #228
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@ ## main #228 +/- ## ======================================= Coverage 98.02% 98.02% ======================================= Files 8 8 Lines 203 203 ======================================= Hits 199 199 Misses 4 4 Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
| Hi @anneFly, Long time no see. I hope you are well. Thanks for spotting the error and the fix. That reminds me that this package is overdue for some JS tests. @SebastianKapunkt would you be interested in setting up jest + coverage here? Thanks again, I'll release the patch right away. Best Johannes! |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Hey @codingjoe 👋
I believe I found a small bug inside the js part of this library.
Description:
Inside the s3file.js there is an event handler for the click event on all submit buttons:
django-s3file/s3file/static/s3file/js/s3file.js
Lines 152 to 155 in 94ee141
When handling this event, the code is trying to copy the name and value form the clicked submit button to a new element. However, the code is using
event.target:django-s3file/s3file/static/s3file/js/s3file.js
Line 108 in 94ee141
This is a problem because the clicked submit button might have child elements like spans or images. If the user's mouse pointer is on a child element of the button, then
event.targetwill point to that child element. And since this child most likely does not have a name attribute, the new input element will have the nameundefinedand the data that gets posted to the server will containundefined=1instead of the name of the actual submit button.How to reproduce:
On the main branch you can reproduce it with a submit button that has a child and then you need to click on that child.
E.g. here is a button with a 10 pixels image.
If you click directly on that button, you'll see that the data that gets posted to the server will contain
undefined=1Proposed solution in this PR:
I've changed
event.targettoevent.currentTarget. That should always give you the button and not one of its children.If you try to reproduce the bug on this branch, you should see the expected result
asdf=1in the request data instead ofundefined=1