Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

timeUnitBandPosition with escaped field (e.g., "\\'fieldName\\'") doesn't work. #9480

Closed
1 task done
yhoonkim opened this issue Nov 23, 2024 · 2 comments · Fixed by #9479
Closed
1 task done

timeUnitBandPosition with escaped field (e.g., "\\'fieldName\\'") doesn't work. #9480

yhoonkim opened this issue Nov 23, 2024 · 2 comments · Fixed by #9479
Labels
Bug 🐛

Comments

@yhoonkim
Copy link
Contributor

Bug Description

When timeUnitBandPosition is set, the escaped field doesn't work.

{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "data": {
    "values": [{"'temporal'": "2024-01-01", "group": "x", "value": 0.1}]
  },
  "mark": "bar",
  "encoding": {
    "x": {
      "field": "\\'temporal\\'",
      "type": "temporal",
      "timeUnit": "utcyearmonthdate"
    },
    "y": {"field": "value", "type": "quantitative"}
  },
  "config": {"bar": {"timeUnitBandPosition": 0}}
}

It returns the below error:

Expression parse error: 0.5 * utcOffset('date', datum['utcyearmonthdate_'temporal''], -1) + 0.5 * datum['utcyearmonthdate_'temporal'']

https://vega.github.io/editor/#/url/vega-lite/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykBaADZ04JAKyUAVhDYA7EABoQAEySYUqUMSSCGcCGgDaoAOSZEONgCcdJtCABMABgcAWfk4CMHz4pBkrNgYcewAPP21dODQnSk8AXwBdeKVkKwBreyYkKz84WSg2ZRpZMjRQcM0QADMaOEFlewAdJrMLax0WuyVMAE8caPRzBEsbQT9MGgQ4AFVZOnsGTCheuByEOXpVcxAUkF7ymrqG+0i9Cf7BkABHBiRZSfVJ0l29wtlasqrs3KrJ6bmdAAQvdlAAFNgQOjseSoJzxBFAA

Checklist
  • I checked for duplicate issues.
@yhoonkim yhoonkim mentioned this issue Nov 23, 2024
Merged
yhoonkim added a commit that referenced this issue Dec 3, 2024
@yhoonkim
fix(#9480): apply proper quote escapes for the datum access expression (
6a73892 
#9479)

## PR Description

**Problem**

The expression like 
```
`datum["${str}"]`
```
which is vulnerable when `str` has double quotes, such as `'hello,
"world"'`.

The expression with single quotes is the same
```
`datum['${str}']`
```
which is vulnerable when `str` has single quotes, such as `"Vega's
Favorite"`.

**Solution**
This PR fixes the existing datum access expression to have a proper
quote escape by calling `accessWithDatumToUnescapedPath`

It fixes the issue of timeunit band position transforms which don't
escape the field name correctly.

#9480

---------

Co-authored-by: GitHub Actions Bot <vega-actions-bot@users.noreply.github.com>
@03juan
Copy link

03juan commented Jan 15, 2025

Closed by #9479

@dangotbanned dangotbanned linked a pull request Jan 16, 2025 that will close this issue
fix(#9480): apply proper quote escapes for the datum access expression #9479
Merged
@dangotbanned
Copy link
Member

Closed by #9479

Thanks for highlighting this @03juan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug 🐛
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(#9480): apply proper quote escapes for the datum access expression vega/vega-lite
3 participants
@03juan @yhoonkim @dangotbanned