You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#9479)
## PR Description
**Problem**
The expression like
```
`datum["${str}"]`
```
which is vulnerable when `str` has double quotes, such as `'hello,
"world"'`.
The expression with single quotes is the same
```
`datum['${str}']`
```
which is vulnerable when `str` has single quotes, such as `"Vega's
Favorite"`.
**Solution**
This PR fixes the existing datum access expression to have a proper
quote escape by calling `accessWithDatumToUnescapedPath`
It fixes the issue of timeunit band position transforms which don't
escape the field name correctly.
#9480
---------
Co-authored-by: GitHub Actions Bot <[email protected]>
Bug Description
When timeUnitBandPosition is set, the escaped field doesn't work.
It returns the below error:
https://vega.github.io/editor/#/url/vega-lite/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykBaADZ04JAKyUAVhDYA7EABoQAEySYUqUMSSCGcCGgDaoAOSZEONgCcdJtCABMABgcAWfk4CMHz4pBkrNgYcewAPP21dODQnSk8AXwBdeKVkKwBreyYkKz84WSg2ZRpZMjRQcM0QADMaOEFlewAdJrMLax0WuyVMAE8caPRzBEsbQT9MGgQ4AFVZOnsGTCheuByEOXpVcxAUkF7ymrqG+0i9Cf7BkABHBiRZSfVJ0l29wtlasqrs3KrJ6bmdAAQvdlAAFNgQOjseSoJzxBFAA
Checklist
The text was updated successfully, but these errors were encountered: