Merge pull request #42 from Linkurious/develop

EricMallard · web-flow · commit 6c367a0c4eb1 · 2024-03-12T16:34:04.000+01:00
Release 1.0.10 [ci:run]
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.0.9
+current_version = 1.0.10
 commit = False
 tag = False
 serialize = 
diff --git a/.version b/.version
@@ -1 +1 @@
-1.0.9
+1.0.10
diff --git a/manifest.json b/manifest.json
@@ -1,6 +1,6 @@
 {
   "name": "data-table",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "pluginApiVersion": "1.0.0",
   "publicRoute": "public",
   "singlePageAppIndex": "index.html",
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@linkurious/lke-plugin-data-table",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "Data-table plugin for Linkurious Enterprise",
   "main": "index.js",
   "homepage": "https://github.com/Linkurious/lke-plugin-data-table#readme",
@@ -11,12 +11,16 @@
     "type": "git",
     "url": "git+https://github.com/Linkurious/lke-plugin-data-table.git"
   },
+  "engines": {
+    "node": ">=18"
+  },
   "author": "Linkurious",
   "scripts": {
     "lint": "eslint --fix  .",
     "lint:ci-deactivated": "eslint -f checkstyle -o reports/checkstyle.xml  .",
     "build": "mkdir -p tmp/github_release && npm pack && gunzip -qf -c linkurious-lke-plugin-data-table-$(cat .version).tgz > lke-plugin-data-table.lke && ln -sf $(pwd)/lke-plugin-data-table.lke $(pwd)/tmp/github_release/lke-plugin-data-table-v$(cat .version).lke",
     "plugin:tar": "scripts/postpack.js",
+    "test:unit": "node ./test/index.js",
     "manual-upload": "gh release create \"v$(cat .version)\" tmp/github_release/lke-plugin-data-table-v$(cat .version).lke",
     "bump:patch": "bump2version patch && npm version --no-git-tag-version patch",
     "bump:minor": "bump2version minor && npm version --no-git-tag-version minor",
diff --git a/public/js/main.js b/public/js/main.js
@@ -7,24 +7,27 @@ let query;
 let isShowingLongValues;
 let pluginConfiguration;
 const headersToAlignRight = [];
-const loaderElement = document.getElementById('loader');
-const modal = document.getElementById('modal');
-
-// close the edit columns modal when clicking outside of it
-document.querySelector('body').addEventListener('click', () => {
-    if (event.target === modal) {
-        closeModal();
-    }
-});
-// close the edit columns modal when escape key is pressed
-window.onkeyup = (e) => {
-    if (
-        e.key === 'Escape' && modal.style.visibility === 'visible'
-    ) {
-        e.preventDefault();
-        closeModal();
-    }
-};
+const globalThisOrWindow = typeof globalThis === 'object' ? globalThis : typeof window === 'object' ? window : null;
+const loaderElement = globalThisOrWindow.document ? document.getElementById('loader') : undefined;
+const modal = globalThisOrWindow.document ? document.getElementById('modal') : undefined;
+
+if (globalThisOrWindow.document) {
+    // close the edit columns modal when clicking outside of it
+    document.querySelector('body').addEventListener('click', () => {
+        if (event.target === modal) {
+            closeModal();
+        }
+    });
+    // close the edit columns modal when escape key is pressed
+    globalThisOrWindow.onkeyup = (e) => {
+        if (
+          e.key === 'Escape' && modal.style.visibility === 'visible'
+        ) {
+            e.preventDefault();
+            closeModal();
+        }
+    };
+}
 
 /**
  * make XMLHttpRequest
@@ -65,7 +68,10 @@ function makeRequest(verb = 'GET', url, body) {
  * @param event : Object
  */
 function handleError(event) {
-    document.getElementById('error_description').innerText = event.body.message;
+    if (event instanceof Error) {
+        event = {body: {message: event.message}};
+    }
+    document.getElementById('error_description').innerText = event.body ? event.body.message : '';
     document.getElementById('loading').classList.add('hide');
     document.getElementById('spinner').classList.add('hide');
     document.getElementById('error').classList.remove('hide');
@@ -639,10 +645,43 @@ function changePaginationButtonState(first, prev, next, last) {
  * align the columns header title to the right
  */
 function alignRightHeaders() {
-    document.querySelectorAll('.tabulator-col-title').item(1).classList.add('align-right');
-    headersToAlignRight.forEach(index => {
-        document.querySelectorAll('.tabulator-col-title').item(index).classList.add('align-right');
-    });
+  document.querySelectorAll('.tabulator-col-title').item(1).classList.add('align-right');
+  headersToAlignRight.forEach(index => {
+    document.querySelectorAll('.tabulator-col-title').item(index).classList.add('align-right');
+  });
+}
+
+/**
+ * Note: in 'Numbers' on Mac, a string beginning with space(s) and one of the following characters: = + - @ \t \r 
+ * is interpeted as a formula.
+ * We decided to not fix all edge cases, but only the most common ones for now, so this method does fix this. 
+ * But this could be a possible improvement in the future if needed.
+ */
+globalThisOrWindow.addSingleQuoteToCsvIfNeeded = function(str) {
+  const specialChars = ['=', '+', '-', '@', '\t', '\r'];
+  if (specialChars.some(char => str.startsWith(char))) {
+    return "'" + str;
+  } else {
+    return str;
+  }
+}
+
+/**
+ * Patch the Tabulator CSV downloader logic to add a single quote to values starting with special characters
+ * This fixes the issue where Excel would interpret these values as formulas, creating a security risk
+ */
+function patchTabulatorCsvDownloader() {
+  const getFieldValueCopy = Tabulator.prototype.moduleBindings?.download?.prototype?.getFieldValue;
+  if (getFieldValueCopy === undefined) {
+    console.error('Ooops, something is wrong. CSV download might not work correctly. LKE-4315');
+  }
+  Tabulator.prototype.moduleBindings.download.prototype.getFieldValue = function(columnName,rowData) {
+    const value = getFieldValueCopy.call(this, columnName, rowData);
+    if (typeof value === 'string' || typeof value === 'number') {
+      return globalThisOrWindow.addSingleQuoteToCsvIfNeeded(String(value));
+    }
+    return value;
+  }
 }
 
 /**
@@ -657,6 +696,7 @@ function fillDataTable() {
     loaderElement.classList.remove('active');
     document.getElementById('container').classList.remove('hide');
     setTableHeader();
+    patchTabulatorCsvDownloader();
     // create Tabulator on DOM element with id "example-table"
     table = new Tabulator('#table', {
         tooltipsHeader: getTooltipsHeader,
diff --git a/test/index.js b/test/index.js
@@ -0,0 +1,33 @@
+const assert = require('node:assert');
+const {describe, it} = require('node:test');
+require('../public/js/main.js');
+
+describe('addSingleQuoteToCsvIfNeeded', function() {
+  it('should add a single quote in front of a formula', function() {
+    assert.strictEqual(
+      globalThis.addSingleQuoteToCsvIfNeeded('=SUM(A1:A2)'),
+      `'=SUM(A1:A2)`
+    )
+  });
+
+  it('should not add a quote in front of a string', function() {
+    assert.strictEqual(
+      globalThis.addSingleQuoteToCsvIfNeeded('abc'),
+      `abc`
+    )
+  });
+
+  it('should not add a quote in front of a positive number', function() {
+    assert.strictEqual(
+      globalThis.addSingleQuoteToCsvIfNeeded('12.5'),
+      `12.5`
+    )
+  });
+
+  it('should add a quote in front of a negative number', function() {
+    assert.strictEqual(
+      globalThis.addSingleQuoteToCsvIfNeeded('-12'),
+      `'-12`
+    )
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "data-table",`
`3`		`- "version": "1.0.9",`
	`3`	`+ "version": "1.0.10",`
`4`	`4`	`"pluginApiVersion": "1.0.0",`
`5`	`5`	`"publicRoute": "public",`
`6`	`6`	`"singlePageAppIndex": "index.html",`