Posted to dev@struts.apache.org by ni...@apache.org on 2005/11/07 14:05:00 UTC

svn commit: r331261 - /struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java

Author: niallp
Date: Mon Nov  7 05:04:49 2005
New Revision: 331261

URL: http://svn.apache.org/viewcvs?rev=331261&view=rev
Log:
Fix for Bug 37131 - Escape newlines in the Validator variables - code copied from Velocity Tools project (see JIRA issue VELTOOLS-52), thanks to Christopher Schultz and Nathan Bubna.

Modified:
    struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java

Modified: struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java
URL: http://svn.apache.org/viewcvs/struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java?rev=331261&r1=331260&r2=331261&view=diff
==============================================================================
--- struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java (original)
+++ struts/taglib/trunk/src/java/org/apache/struts/taglib/html/JavascriptValidatorTag.java Mon Nov  7 05:04:49 2005
@@ -513,9 +513,7 @@
                         continue;
                     }
 
-                    String varValueEscaped = ValidatorUtils.replace(varValue, "\\", "\\\\");
-                    varValueEscaped = ValidatorUtils.replace(varValueEscaped, "\"", "\\\"");
-                    varValueEscaped = ValidatorUtils.replace(varValueEscaped, "'", "\\'");
+                    String varValueEscaped = escapeJavascript(varValue);
 
                     if (Var.JSTYPE_INT.equalsIgnoreCase(jsType)) {
                         results.append(
@@ -584,6 +582,49 @@
         }
 
         return buffer.toString();
+    }
+
+    /**
+     * <p>Backslash-escapes the following characters from the input string:
+     * &quot;, &apos;, \, \r, \n.</p>
+     *
+     * <p>This method escapes characters that will result in an invalid
+     * Javascript statement within the validator Javascript.</p>
+     *
+     * @param str The string to escape.
+     * @return The string <code>s</code> with each instance of a double quote,
+     *         single quote, backslash, carriage-return, or line feed escaped
+     *         with a leading backslash.
+     */
+    private String escapeJavascript(String str)
+    {
+        if (str == null)
+        {
+            return null;
+        }
+        int length = str.length();
+        if (length == 0)
+        {
+            return str;
+        }
+
+        // guess at how many chars we'll be adding...
+        StringBuffer out = new StringBuffer(length + 4);
+        // run through the string escaping sensitive chars
+        for (int i=0; i < length; i++)
+        {
+            char c = str.charAt(i);
+            if (c == '"'  ||
+                c == '\'' ||
+                c == '\\' || 
+                c == '\n' || 
+                c == '\r')
+            {
+                out.append('\\');
+            }
+            out.append(c);
+        }
+        return out.toString();
     }
 
     /**
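Review bot: In escapeJavascript the `'\n'` and `'\r'` branches append a backslash followed by the raw line-break character, so the generated script contains a backslash-newline pair instead of the two-character escapes `\n` and `\r`. Engines that accept that pair inside a string literal treat it as a line continuation and drop the break from the value, while stricter ones reject the literal, so the validator variable either changes silently or still breaks the page. Emitting the letter escapes, as in the fence below, keeps the value intact. Separately, the escaped value appears to be written into an inline script block, so a `</script>` sequence or a U+2028/U+2029 character in a variable would still end or break the script. That probably matters only if var values can originate outside validation.xml, but escaping `<` as `\x3C` would close it off; the Javadoc `@return` also names `s` where the parameter is `str`.

```java
    private String escapeJavascript(String str)
    {
        // … unchanged: null / empty-string guards and StringBuffer allocation …
        for (int i = 0; i < length; i++)
        {
            char c = str.charAt(i);
            switch (c)
            {
                case '\n':
                    // emit the escape sequence, not backslash + raw line feed
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '"':
                case '\'':
                case '\\':
                    out.append('\\').append(c);
                    break;
                default:
                    out.append(c);
            }
        }
        // … unchanged: return out.toString() …
```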


