[BUG][UI]: Fetch Tools button broken due to Jinja tojson quote escaping in gateways_partial.html

[asasar]

🐞 Bug Summary

After OAuth authorization completes successfully, the Fetch Tools button in the Admin UI Gateways page (admin/#gateways) does not respond to clicks. The button's onclick handler is malformed due to incorrect Jinja template quote escaping.

Related: This issue was partially addressed by #3062 (which fixed the 401 cookie auth error), but the button itself remains broken due to HTML attribute corruption.

---

🧩 Affected Component

• mcpgateway - UI (admin panel)

---

🔁 Steps to Reproduce

1. Navigate to admin/#gateways
2. Click 🔐 Authorize on a gateway that requires OAuth
3. Complete the OAuth flow → redirected to /oauth/callback success page
4. Click Fetch Tools on the success page → works correctly ✅
5. Return to admin/#gateways
6. Click 🔧 Fetch Tools on the same gateway → nothing happens ❌

---

🤔 Expected Behavior

Clicking the Fetch Tools button should trigger the fetchToolsForGateway() function and fetch tools from the MCP server.

---

📓 Root Cause Analysis

The button in gateways_partial.html (line 41) uses Jinja's |tojson filter inside an onclick attribute with double quotes:

<button onclick="fetchToolsForGateway({{ gateway.id|tojson }}, {{ gateway.name|tojson }})">

The |tojson filter outputs JSON-encoded strings with double quotes, producing:

<button onclick="fetchToolsForGateway("1965277a17bc48cb9296ebeafe3a252f", "auth-mcp-server")">

This causes HTML attribute parsing corruption. The browser interprets it as:

<button onclick="fetchToolsForGateway(" 1965277a17bc48cb9296ebeafe3a252f",="" "auth-mcp-server")"="">

Comparison with working code in admin.html (line 4974):

<button onclick="fetchToolsForGateway('{{ gateway.id }}', '{{ gateway.name }}')">

This uses single quotes inside the onclick, which correctly renders as:

<button onclick="fetchToolsForGateway('1965277a17bc48cb9296ebeafe3a252f', 'auth-mcp-server')">

🧠 Environment Info

Key	Value
Version or commit	main (post-#3062 merge)
Runtime	Python 3.11
Platform / OS	Windows 10 / Linux
Container	N/A

---

🧩 Additional Context

• The gateways_partial.html template is loaded via HTMX when paginating or refreshing the gateways list
• The same issue does not affect the initial page load (which uses admin.html directly)
• Other buttons in the same template (View, Edit) correctly use '{{ gateway.id }}' without |tojson

[crivetimihai]

Thanks @asasar. Confirmed — the |tojson filter in gateways_partial.html:41 outputs double-quoted strings inside a double-quoted onclick attribute, corrupting the HTML. The fix is to switch the attribute to single quotes or use a data attribute with an event listener instead.