Fixed following schema diff issues:

1) Avoid template databases from the Database drop-down list.
 2) Exclude system schemas while comparing two databases.
 3) Escape group name for XSS.

web/pgadmin/browser/server_groups/servers/databases/__init__.py

@@ -251,9 +251,16 @@ class DatabaseView(PGChildNodeView):
                 'datlastsysoid']
         return last_system_oid
 
-    def get_nodes(self, gid, sid, show_system_templates=False):
+    def get_nodes(self, gid, sid, is_schema_diff=False):
         res = []
         last_system_oid = self.retrieve_last_system_oid()
+
+        # if is_schema_diff then no need to show system templates.
+        if is_schema_diff and self.manager.db_info is not None and \
+                self.manager.did in self.manager.db_info:
+            last_system_oid = \
+                self.manager.db_info[self.manager.did]['datlastsysoid']
+
         server_node_res = self.manager
 
         db_disp_res = None
@@ -303,8 +310,8 @@ class DatabaseView(PGChildNodeView):
         return res
 
     @check_precondition(action="nodes")
-    def nodes(self, gid, sid):
+    def nodes(self, gid, sid, is_schema_diff=False):
-        res = self.get_nodes(gid, sid)
+        res = self.get_nodes(gid, sid, is_schema_diff)
 
         return make_json_response(
             data=res,

web/pgadmin/browser/server_groups/servers/databases/schemas/__init__.py

@@ -413,7 +413,7 @@ class SchemaView(PGChildNodeView):
         )
 
     @check_precondition
-    def nodes(self, gid, sid, did, scid=None):
+    def nodes(self, gid, sid, did, scid=None, is_schema_diff=False):
         """
         This function will create all the child nodes within the collection
         Here it will create all the schema node.
@@ -422,6 +422,8 @@ class SchemaView(PGChildNodeView):
             gid: Server Group ID
             sid: Server ID
             did: Database ID
+            scid: Schema ID
+            is_schema_diff: True if called by schema diff tool
 
         Returns:
             JSON of available schema child nodes
@@ -437,9 +439,13 @@ class SchemaView(PGChildNodeView):
                     ["'%s'"] * len(schema_restrictions.split(',')))
                 param = schema_res % (tuple(schema_restrictions.split(',')))
 
+        show_system_objects = self.blueprint.show_system_objects
+        if is_schema_diff:
+            show_system_objects = False
+
         SQL = render_template(
             "/".join([self.template_path, self._SQL_PREFIX + self._NODES_SQL]),
-            show_sysobj=self.blueprint.show_system_objects,
+            show_sysobj=show_system_objects,
             _=gettext,
             scid=scid,
             schema_restrictions=param

web/pgadmin/tools/schema_diff/__init__.py

@@ -388,7 +388,8 @@ def databases(sid):
         view = SchemaDiffRegistry.get_node_view('database')
 
         server = Server.query.filter_by(id=sid).first()
-        response = view.nodes(gid=server.servergroup_id, sid=sid)
+        response = view.nodes(gid=server.servergroup_id, sid=sid,
+                              is_schema_diff=True)
         databases = json.loads(response.data)['data']
         for db in databases:
             res.append({
@@ -653,7 +654,8 @@ def get_schemas(sid, did):
     try:
         view = SchemaDiffRegistry.get_node_view('schema')
         server = Server.query.filter_by(id=sid).first()
-        response = view.nodes(gid=server.servergroup_id, sid=sid, did=did)
+        response = view.nodes(gid=server.servergroup_id, sid=sid, did=did,
+                              is_schema_diff=True)
         schemas = json.loads(response.data)['data']
         return schemas
     except Exception as e:

web/pgadmin/tools/schema_diff/static/css/schema_diff.css

@@ -3,18 +3,6 @@
   font-size: 1.3em !important;
 }
 
-.icon-schema-diff-white {
- display: inline-block;
- align-content: center;
- vertical-align: sub;
- height: 18px;
- width: 18px;
- background-size: 20px !important;
- background-repeat: no-repeat;
- background-position-x: center;
- background-position-y: center;
- }
-
 .icon-script {
   display: inline-block;
   align-content: center;

web/pgadmin/tools/schema_diff/static/js/schema_diff.backform.js

@@ -317,7 +317,7 @@ let SchemaDiffHeaderView = Backform.Form.extend({
       <div class="col-6 target row"></div>
       <div class="col-5 target-buttons">
           <div class="action-btns d-flex">
-              <button class="btn btn-primary mr-auto"><span class="icon-schema-diff icon-schema-diff-white"></span>&nbsp;` + gettext('Compare') + `</button>
+              <button class="btn btn-primary mr-auto"><span class="pg-font-icon icon-schema-diff sql-icon-lg"></span>&nbsp;` + gettext('Compare') + `</button>
               <button id="generate-script" class="btn btn-primary-icon mr-1" disabled><i class="fa fa-file-code sql-icon-lg"></i>&nbsp;` + gettext('Generate Script') + `</button>
               <div class="btn-group mr-1" role="group" aria-label="">
                 <button id="btn-filter" type="button" class="btn btn-primary-icon"

web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js

@@ -18,6 +18,7 @@ import {setPGCSRFToken} from 'sources/csrf';
 import {generateScript} from 'tools/datagrid/static/js/show_query_tool';
 import 'pgadmin.sqleditor';
 import pgWindow from 'sources/window';
+import _ from 'underscore';
 
 import { SchemaDiffSelect2Control, SchemaDiffHeaderView,
   SchemaDiffFooterView, SchemaDiffSqlControl} from './schema_diff.backform';
@@ -330,7 +331,7 @@ export default class SchemaDiffUI {
           if (g.rows[0].group_name == 'Database Objects'){
             icon = 'icon-coll-database';
           }
-          return '<i class="wcTabIcon '+ icon +'"></i><span>' + g.rows[0].group_name;
+          return '<i class="wcTabIcon '+ icon +'"></i><span>' + _.escape(g.rows[0].group_name);
         },
         aggregateCollapsed: true,
         lazyTotalsCalculation: true,