MAGETWO-37525: Page and Block titles not escaped properly

guz-anton · guz-anton · commit bdf8a35fec89 · 2015-05-27T17:52:23.000+03:00
- Cell in general escape output (via binding 'text:').
- Added exception for *select* fields: their output contains markup, but new markup cannot be setted by Admin user.
diff --git a/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml b/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml
@@ -373,9 +373,10 @@
         <column name="store_id" class="Magento\Store\Ui\Component\Listing\Column\Store">
             <argument name="data" xsi:type="array">
                 <item name="js_config" xsi:type="array">
-                    <item name="component" xsi:type="string">Magento_Ui/js/grid/columns/sortable</item>
+                    <item name="component" xsi:type="string">Magento_Ui/js/grid/columns/column</item>
                 </item>
                 <item name="config" xsi:type="array">
+                    <item name="bodyTmpl" xsi:type="string">ui/grid/cells/html</item>
                     <item name="sortable" xsi:type="boolean">false</item>
                     <item name="dataType" xsi:type="string">text</item>
                     <item name="align" xsi:type="string">left</item>
diff --git a/app/code/Magento/Ui/view/base/web/templates/grid/cells/html.html b/app/code/Magento/Ui/view/base/web/templates/grid/cells/html.html
@@ -0,0 +1,11 @@
+<!--
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<td
+    data-bind="visible: visible,
+       click: isClickable(row) ? redirect.bind($data, getClickUrl(row)) : false,
+       html: getLabel(row[field.index])"
+    data-action="grid-row-edit"></td>
diff --git a/app/code/Magento/Ui/view/base/web/templates/grid/cells/text.html b/app/code/Magento/Ui/view/base/web/templates/grid/cells/text.html
@@ -4,15 +4,8 @@
  * See COPYING.txt for license details.
  */
 -->
-
-<!-- ko if: isClickable(row) -->
 <td
-    class="_clickable"
-    data-bind="click: redirect.bind($data, getClickUrl(row)),
-               visible: visible,
-               html: getLabel(row[field.index])"
-    data-action="grid-row-edit"></td>
-<!-- /ko -->
-<!-- ko ifnot: isClickable(row) -->
-<td data-bind="visible: visible, html: getLabel(row[field.index])"></td>
-<!-- /ko -->
+    data-bind="visible: visible,
+           click: isClickable(row) ? redirect.bind($data, getClickUrl(row)) : false,
+           text: getLabel(row[field.index])"
+    data-action="grid-row-edit"></td>
