Posted to dev@struts.apache.org by ni...@apache.org on 2005/11/07 14:05:00 UTC
svn commit: r331261 -
/struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java
Author: niallp
Date: Mon Nov 7 05:04:49 2005
New Revision: 331261
URL: http://svn.apache.org/viewcvs?rev=331261&view=rev
Log:
Fix for Bug 37131 - Escape newlines in the Validator variables - code copied from Velocity Tools project (see JIRA issue VELTOOLS-52), thanks to Christopher Schultz and Nathan Bubna.
Modified:
struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java
Modified: struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java
URL: http://svn.apache.org/viewcvs/struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java?rev=331261&r1=331260&r2=331261&view=diff
==============================================================================
--- struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java (original)
+++ struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java Mon Nov 7 05:04:49 2005
@@ -513,9 +513,7 @@
continue;
}
- String varValueEscaped = ValidatorUtils.replace(varValue, "\\", "\\\\");
- varValueEscaped = ValidatorUtils.replace(varValueEscaped, "\"", "\\\"");
- varValueEscaped = ValidatorUtils.replace(varValueEscaped, "'", "\\'");
+ String varValueEscaped = escapeJavascript(varValue);
if (Var.JSTYPE_INT.equalsIgnoreCase(jsType)) {
results.append(
@@ -584,6 +582,49 @@
}
return buffer.toString();
+ }
+
+ /**
+ * <p>Backslash-escapes the following characters from the input string:
+ * ", ', \, \r, \n.</p>
+ *
+ * <p>This method escapes characters that will result in an invalid
+ * Javascript statement within the validator Javascript.</p>
+ *
+ * @param str The string to escape.
+ * @return The string <code>s</code> with each instance of a double quote,
+ * single quote, backslash, carriage-return, or line feed escaped
+ * with a leading backslash.
+ */
+ private String escapeJavascript(String str)
+ {
+ if (str == null)
+ {
+ return null;
+ }
+ int length = str.length();
+ if (length == 0)
+ {
+ return str;
+ }
+
+ // guess at how many chars we'll be adding...
+ StringBuffer out = new StringBuffer(length + 4);
+ // run through the string escaping sensitive chars
+ for (int i=0; i < length; i++)
+ {
+ char c = str.charAt(i);
+ if (c == '"' ||
+ c == '\'' ||
+ c == '\\' ||
+ c == '\n' ||
+ c == '\r')
+ {
+ out.append('\\');
+ }
+ out.append(c);
+ }
+ return out.toString();
}
/**
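Review bot: In `escapeJavascript`, the `\n` and `\r` branches append a backslash followed by the raw control character. JavaScript reads that as a line continuation (where the engine accepts it at all), so the line break is dropped from the value instead of being preserved; emit the two-character sequences `\\n` and `\\r` instead. Because the result is written into an inline script block, the method should also neutralise `</` (as `<\/`) and U+2028/U+2029, which can end the script element or the string literal. Whether a validator variable can ever carry user-influenced text is not visible in this hunk, but the escaper should not rely on that. Separately, the Javadoc `@return` refers to `<code>s</code>` while the parameter is named `str`.

```java
// … unchanged: null and empty-string checks, StringBuffer allocation …
for (int i = 0; i < length; i++)
{
    char c = str.charAt(i);
    switch (c)
    {
        case '"':
        case '\'':
        case '\\':
            out.append('\\').append(c);
            break;
        case '\n':
            out.append("\\n");
            break;
        case '\r':
            out.append("\\r");
            break;
        case '\u2028':
            out.append("\\u2028");
            break;
        case '\u2029':
            out.append("\\u2029");
            break;
        case '/':
            // keep "</" from closing the surrounding script element
            if (i > 0 && str.charAt(i - 1) == '<')
            {
                out.append('\\');
            }
            out.append(c);
            break;
        default:
            out.append(c);
    }
}
return out.toString();
```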