diff --git a/assets/src/modules/Popup.js b/assets/src/modules/Popup.js
index f8114cbd97..597b31b73e 100644
--- a/assets/src/modules/Popup.js
+++ b/assets/src/modules/Popup.js
@@ -178,7 +178,13 @@ export default class Popup {
document.getElementById('newOlMap').style.cursor = 'wait';
wms.getFeatureInfo(wmsParams).then(response => {
+ DOMPurify.addHook('afterSanitizeAttributes', node => {
+ if (node.nodeName === 'IFRAME') {
+ node.setAttribute('sandbox','allow-scripts allow-forms');
+ }
+ });
const sanitizedResponse = DOMPurify.sanitize(response, {
+ ADD_TAGS: ['iframe'],
ADD_ATTR: ['target'],
CUSTOM_ELEMENT_HANDLING: {
tagNameCheck: /^lizmap-/,
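Review bot: The `DOMPurify.addHook('afterSanitizeAttributes', …)` call sits inside the `getFeatureInfo(...).then` callback, so a new copy of the hook is registered on the shared DOMPurify instance for every popup response and is never removed. DOMPurify hooks are global and cumulative, so after the first popup the sandbox hook also runs on every other `DOMPurify.sanitize` call that uses this instance, and the hook list grows with each click. Either register the hook once at module scope, or pair it with `DOMPurify.removeHook('afterSanitizeAttributes');` immediately after the `sanitize` call, which ends outside this hunk. It would also help to add a comment above the `setAttribute` line such as `// sandbox is forced and allow-same-origin is deliberately omitted so framed content stays in an opaque origin`, so that a later edit does not widen the token list without noticing.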
diff --git a/tests/qgis-projects/tests/tests_dataset.sql b/tests/qgis-projects/tests/tests_dataset.sql
index 4ed542e880..0130a966ad 100644
--- a/tests/qgis-projects/tests/tests_dataset.sql
+++ b/tests/qgis-projects/tests/tests_dataset.sql
@@ -2,8 +2,8 @@
-- PostgreSQL database dump
--
--- Dumped from database version 14.11 (Debian 14.11-1.pgdg110+2)
--- Dumped by pg_dump version 14.12 (Ubuntu 14.12-0ubuntu0.22.04.1)
+-- Dumped from database version 14.13 (Debian 14.13-1.pgdg110+1)
+-- Dumped by pg_dump version 14.13 (Ubuntu 14.13-0ubuntu0.22.04.1)
SET statement_timeout = 0;
SET lock_timeout = 0;
@@ -2199,6 +2199,37 @@ CREATE SEQUENCE tests_projects.table_for_relationnal_value_gid_seq
ALTER SEQUENCE tests_projects.table_for_relationnal_value_gid_seq OWNED BY tests_projects.table_for_relationnal_value.gid;
+--
+-- Name: text_widget_point_edit; Type: TABLE; Schema: tests_projects; Owner: -
+--
+
+CREATE TABLE tests_projects.text_widget_point_edit (
+ id integer NOT NULL,
+ point_name text,
+ geom public.geometry(Point,4326)
+);
+
+
+--
+-- Name: text_widget_point_edit_id_seq; Type: SEQUENCE; Schema: tests_projects; Owner: -
+--
+
+CREATE SEQUENCE tests_projects.text_widget_point_edit_id_seq
+ AS integer
+ START WITH 1
+ INCREMENT BY 1
+ NO MINVALUE
+ NO MAXVALUE
+ CACHE 1;
+
+
+--
+-- Name: text_widget_point_edit_id_seq; Type: SEQUENCE OWNED BY; Schema: tests_projects; Owner: -
+--
+
+ALTER SEQUENCE tests_projects.text_widget_point_edit_id_seq OWNED BY tests_projects.text_widget_point_edit.id;
+
+
--
-- Name: time_manager; Type: TABLE; Schema: tests_projects; Owner: -
--
@@ -2414,35 +2445,6 @@ CREATE SEQUENCE tests_projects.xss_id_seq
ALTER SEQUENCE tests_projects.xss_id_seq OWNED BY tests_projects.xss.id;
---
--- Name: text_widget_point_edit; Type: TABLE; Schema: tests_projects; Owner: -
---
-
-CREATE TABLE tests_projects.text_widget_point_edit (
- id integer NOT NULL,
- point_name text,
- geom public.geometry(Point, 4326)
-);
-
---
--- Name: text_widget_point_edit Type: SEQUENCE; Schema: tests_projects; Owner: -
---
-
-CREATE SEQUENCE tests_projects.text_widget_point_edit_id_seq
- AS integer
- START WITH 1
- INCREMENT BY 1
- NO MINVALUE
- NO MAXVALUE
- CACHE 1;
-
---
--- Name: text_widget_point_edit_id_seq; Type: SEQUENCE OWNED BY; Schema: tests_projects; Owner: -
---
-
-ALTER SEQUENCE tests_projects.text_widget_point_edit_id_seq OWNED BY tests_projects.text_widget_point_edit.id;
-
-
--
-- Name: attribute_table id; Type: DEFAULT; Schema: tests_projects; Owner: -
--
@@ -2905,6 +2907,13 @@ ALTER TABLE ONLY tests_projects.single_wms_tiled_baselayer ALTER COLUMN id SET D
ALTER TABLE ONLY tests_projects.sousquartiers ALTER COLUMN id SET DEFAULT nextval('tests_projects.sousquartiers_id_seq'::regclass);
+--
+-- Name: text_widget_point_edit id; Type: DEFAULT; Schema: tests_projects; Owner: -
+--
+
+ALTER TABLE ONLY tests_projects.text_widget_point_edit ALTER COLUMN id SET DEFAULT nextval('tests_projects.text_widget_point_edit_id_seq'::regclass);
+
+
--
-- Name: time_manager gid; Type: DEFAULT; Schema: tests_projects; Owner: -
--
@@ -2954,13 +2963,6 @@ ALTER TABLE ONLY tests_projects.triple_geom ALTER COLUMN id SET DEFAULT nextval(
ALTER TABLE ONLY tests_projects.xss ALTER COLUMN id SET DEFAULT nextval('tests_projects.xss_id_seq'::regclass);
---
--- Name: text_widget_point_edit id; Type: DEFAULT; Schema: tests_projects; Owner: -
---
-
-ALTER TABLE ONLY tests_projects.text_widget_point_edit ALTER COLUMN id SET DEFAULT nextval('tests_projects.text_widget_point_edit_id_seq'::regclass);
-
-
--
-- Data for Name: attribute_table; Type: TABLE DATA; Schema: tests_projects; Owner: -
--
@@ -3709,6 +3711,15 @@ COPY tests_projects.table_for_relationnal_value (gid, code, label) FROM stdin;
\.
+--
+-- Data for Name: text_widget_point_edit; Type: TABLE DATA; Schema: tests_projects; Owner: -
+--
+
+COPY tests_projects.text_widget_point_edit (id, point_name, geom) FROM stdin;
+1 Widget_test 0101000020E6100000FBC6B025B7E10E4098DF5229E9CC4540
+\.
+
+
--
-- Data for Name: time_manager; Type: TABLE DATA; Schema: tests_projects; Owner: -
--
@@ -3789,19 +3800,14 @@ COPY tests_projects.triple_geom (id, title, geom, geom_l, geom_p) FROM stdin;
1 P2 0101000020E61000009BAFF31C24420F40B0F20C103ECD4540 0102000020E610000003000000F831609D15230F40B6C8ADA872CB45400D2267EAD5350F40CA0ED2F6E3CE4540CD98B4D8D86F0F40013F5C530CCE4540 0103000020E610000001000000040000008CEAFEE73F350F40CE5B430568D2454027CEAF4A464D0F40F4234A1D77D045405E04E2147F7E0F402E327583F7D145408CEAFEE73F350F40CE5B430568D24540
\.
+
--
-- Data for Name: xss; Type: TABLE DATA; Schema: tests_projects; Owner: -
--
COPY tests_projects.xss (id, geom, description) FROM stdin;
1 01010000206A0800000D9D9921FD822741B3C56B7B4DF45741
-\.
-
---
--- Data for Name: text_widget_point_edit; Type: TABLE DATA; Schema: tests_projects; Owner: -
---
-COPY tests_projects.text_widget_point_edit (id, point_name, geom) FROM stdin;
-1 Widget_test 0101000000FBC6B025B7E10E4098DF5229E9CC4540
+2 01010000206A0800003C971843589327416B44F41A5BF45741
\.
@@ -4281,6 +4287,13 @@ SELECT pg_catalog.setval('tests_projects.table_for_form_gid_seq', 1, true);
SELECT pg_catalog.setval('tests_projects.table_for_relationnal_value_gid_seq', 3, true);
+--
+-- Name: text_widget_point_edit_id_seq; Type: SEQUENCE SET; Schema: tests_projects; Owner: -
+--
+
+SELECT pg_catalog.setval('tests_projects.text_widget_point_edit_id_seq', 1, true);
+
+
--
-- Name: time_manager_gid_seq; Type: SEQUENCE SET; Schema: tests_projects; Owner: -
--
@@ -4327,14 +4340,7 @@ SELECT pg_catalog.setval('tests_projects.triple_geom_id_seq', 1, true);
-- Name: xss_id_seq; Type: SEQUENCE SET; Schema: tests_projects; Owner: -
--
-SELECT pg_catalog.setval('tests_projects.xss_id_seq', 1, true);
-
-
---
--- Name: text_widget_point_edit_id_seq; Type: SEQUENCE SET; Schema: tests_projects; Owner: -
---
-
-SELECT pg_catalog.setval('tests_projects.text_widget_point_edit_id_seq', 1, true);
+SELECT pg_catalog.setval('tests_projects.xss_id_seq', 2, true);
--
@@ -4905,6 +4911,14 @@ ALTER TABLE ONLY tests_projects.table_for_relationnal_value
ADD CONSTRAINT table_for_relationnal_value_pkey PRIMARY KEY (gid);
+--
+-- Name: text_widget_point_edit text_widget_point_edit_pkey; Type: CONSTRAINT; Schema: tests_projects; Owner: -
+--
+
+ALTER TABLE ONLY tests_projects.text_widget_point_edit
+ ADD CONSTRAINT text_widget_point_edit_pkey PRIMARY KEY (id);
+
+
--
-- Name: time_manager time_manager_pkey; Type: CONSTRAINT; Schema: tests_projects; Owner: -
--
@@ -4961,15 +4975,6 @@ ALTER TABLE ONLY tests_projects.xss
ADD CONSTRAINT xss_pkey PRIMARY KEY (id);
---
--- Name: text_widget_point_edit text_widget_point_edit_pkey; Type: CONSTRAINT; Schema: tests_projects; Owner: -
---
-
-ALTER TABLE ONLY tests_projects.text_widget_point_edit
- ADD CONSTRAINT text_widget_point_edit_pkey PRIMARY KEY (id);
-
-
-
--
-- Name: fki_line_fkey; Type: INDEX; Schema: tests_projects; Owner: -
--
@@ -5045,3 +5050,4 @@ ALTER TABLE ONLY tests_projects.tramway_pivot
--
-- PostgreSQL database dump complete
--
+
diff --git a/tests/qgis-projects/tests/xss.qgs b/tests/qgis-projects/tests/xss.qgs
index 5630da94d9..0fdcda21ae 100644
--- a/tests/qgis-projects/tests/xss.qgs
+++ b/tests/qgis-projects/tests/xss.qgs
@@ -1,4 +1,4 @@
-
+
@@ -16,6 +16,7 @@
false
+
@@ -70,7 +71,7 @@
-
+
Annotations_7a15088a_18b7_4dc9_9f76_e3284776451f
@@ -98,6 +99,7 @@
+
@@ -116,12 +118,21 @@
+
+ 1
+ 1
+ 1
+ 0
+
+
+
+
1
0
-
+
770430.5656251028412953
6279477.92845289688557386
@@ -171,6 +182,7 @@
+
@@ -235,7 +247,7 @@
-
+
@@ -284,7 +296,7 @@
-
+
@@ -317,7 +329,7 @@
-
+
@@ -360,7 +372,7 @@
-
+
@@ -395,6 +407,9 @@
+
+
+
-
+
@@ -479,14 +494,14 @@
-
+
-
+
@@ -498,6 +513,10 @@
+
+
+
+
@@ -517,7 +536,7 @@
-
+
@@ -564,7 +583,7 @@ def my_form_open(dialog, layer, feature):
"description"
-
+
@@ -599,6 +618,7 @@ def my_form_open(dialog, layer, feature):
5
2.5
+ false
false
false
1
@@ -627,7 +647,7 @@ def my_form_open(dialog, layer, feature):
lizmap_user_groups
- intranet
+ testsrepository
@@ -726,6 +746,9 @@ def my_form_open(dialog, layer, feature):
+
+
+
nboisteault
2024-03-29T14:34:53
@@ -733,9 +756,10 @@ def my_form_open(dialog, layer, feature):
+
-
+
PROJCRS["RGF93 v1 / Lambert-93",BASEGEOGCRS["RGF93 v1",DATUM["Reseau Geodesique Francais 1993 v1",ELLIPSOID["GRS 1980",6378137,298.257222101,LENGTHUNIT["metre",1]]],PRIMEM["Greenwich",0,ANGLEUNIT["degree",0.0174532925199433]],ID["EPSG",4171]],CONVERSION["Lambert-93",METHOD["Lambert Conic Conformal (2SP)",ID["EPSG",9802]],PARAMETER["Latitude of false origin",46.5,ANGLEUNIT["degree",0.0174532925199433],ID["EPSG",8821]],PARAMETER["Longitude of false origin",3,ANGLEUNIT["degree",0.0174532925199433],ID["EPSG",8822]],PARAMETER["Latitude of 1st standard parallel",49,ANGLEUNIT["degree",0.0174532925199433],ID["EPSG",8823]],PARAMETER["Latitude of 2nd standard parallel",44,ANGLEUNIT["degree",0.0174532925199433],ID["EPSG",8824]],PARAMETER["Easting at false origin",700000,LENGTHUNIT["metre",1],ID["EPSG",8826]],PARAMETER["Northing at false origin",6600000,LENGTHUNIT["metre",1],ID["EPSG",8827]]],CS[Cartesian,2],AXIS["easting (X)",east,ORDER[1],LENGTHUNIT["metre",1]],AXIS["northing (Y)",north,ORDER[2],LENGTHUNIT["metre",1]],USAGE[SCOPE["Engineering survey, topographic mapping."],AREA["France - onshore and offshore, mainland and Corsica."],BBOX[41.15,-9.86,51.56,10.38]],ID["EPSG",2154]]
+proj=lcc +lat_0=46.5 +lon_0=3 +lat_1=49 +lat_2=44 +x_0=700000 +y_0=6600000 +ellps=GRS80 +towgs84=0,0,0,0,0,0,0 +units=m +no_defs
@@ -749,7 +773,7 @@ def my_form_open(dialog, layer, feature):
-
+
@@ -800,4 +824,7 @@ def my_form_open(dialog, layer, feature):
-
+
+
+
+
\ No newline at end of file
diff --git a/tests/qgis-projects/tests/xss.qgs.cfg b/tests/qgis-projects/tests/xss.qgs.cfg
index 660bfb50bc..9f55f9c7e2 100644
--- a/tests/qgis-projects/tests/xss.qgs.cfg
+++ b/tests/qgis-projects/tests/xss.qgs.cfg
@@ -1,16 +1,16 @@
{
"metadata": {
- "qgis_desktop_version": 32815,
- "lizmap_plugin_version_str": "4.3.6-alpha",
- "lizmap_plugin_version": 40306,
- "lizmap_web_client_target_version": 30800,
+ "qgis_desktop_version": 33412,
+ "lizmap_plugin_version_str": "4.4.5-alpha",
+ "lizmap_plugin_version": 40405,
+ "lizmap_web_client_target_version": 31000,
"lizmap_web_client_target_status": "Dev",
"instance_target_url": "http://localhost:8130/",
- "instance_target_repository": "intranet"
+ "instance_target_repository": "testsrepository"
},
"warnings": {},
"debug": {
- "total_time": 0.31200000000000006
+ "total_time": 0.36500000000000005
},
"options": {
"projection": {
@@ -46,6 +46,7 @@
"pointTolerance": 25,
"lineTolerance": 10,
"polygonTolerance": 5,
+ "automatic_permalink": false,
"tmTimeFrameSize": 10,
"tmTimeFrameType": "seconds",
"tmAnimationFrameLength": 1000,
@@ -135,7 +136,6 @@
"editionLayers": {
"xss_layer": {
"layerId": "xss_3334b2fd_75f9_4301_a075_402f6dbed37b",
- "snap_layers": [],
"snap_vertices": "False",
"snap_segments": "False",
"snap_intersections": "False",