You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by ja...@apache.org on 2010/04/13 20:22:23 UTC
svn commit: r933730 -
/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
Author: jakobk
Date: Tue Apr 13 18:22:23 2010
New Revision: 933730
URL: http://svn.apache.org/viewvc?rev=933730&view=rev
Log:
MYFACES-2657 Already escaped apostrophes are double-escaped while building the ClientBehavior JavaScript
Modified:
myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java?rev=933730&r1=933729&r2=933730&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java (original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java Tue Apr 13 18:22:23 2010
@@ -2142,7 +2142,7 @@ public final class HtmlRendererUtils {
{
//either strings or functions, but I assume string is more appropriate since it allows access to the
//origin as this!
- target.append("'" + StringUtils.replace(script, '\'', "\\'") + "'");
+ target.append("'" + escapeJavaScriptForChain(script) + "'");
if (clientIterator.hasNext())
{
target.append(", ");
@@ -2184,9 +2184,7 @@ public final class HtmlRendererUtils {
{
// escape every ' in the user event code since it will
// be a string attribute of jsf.util.chain
- userEventCode = StringUtils.replace(userEventCode, '\'', "\\'");
-
- finalParams.add('\'' + userEventCode + '\'');
+ finalParams.add('\'' + escapeJavaScriptForChain(userEventCode) + '\'');
}
final MyfacesConfig currentInstance = MyfacesConfig
@@ -2204,7 +2202,7 @@ public final class HtmlRendererUtils {
if (serverEventCode != null
&& !serverEventCode.trim().equals(STR_EMPTY))
{
- finalParams.add('\''+serverEventCode+'\'');
+ finalParams.add('\'' + escapeJavaScriptForChain(serverEventCode) + '\'');
}
Iterator<String> it = finalParams.iterator();
@@ -2258,7 +2256,7 @@ public final class HtmlRendererUtils {
List<String> finalParams = new ArrayList<String>(3);
if (userEventCode != null && !userEventCode.trim().equals(STR_EMPTY))
{
- finalParams.add('\'' + StringUtils.replace(userEventCode, '\'', "\\'") + '\'');
+ finalParams.add('\'' + escapeJavaScriptForChain(userEventCode) + '\'');
}
final MyfacesConfig currentInstance = MyfacesConfig
@@ -2282,7 +2280,7 @@ public final class HtmlRendererUtils {
if (serverEventCode != null
&& !serverEventCode.trim().equals(STR_EMPTY))
{
- finalParams.add('\'' + StringUtils.replace(serverEventCode, '\'', "\\'") + '\'');
+ finalParams.add('\'' + escapeJavaScriptForChain(serverEventCode) + '\'');
}
Iterator<String> it = finalParams.iterator();
@@ -2315,6 +2313,25 @@ public final class HtmlRendererUtils {
}
/**
+ * This function correctly escapes the given JavaScript code
+ * for the use in the jsf.util.chain() JavaScript function.
+ * It also handles double-escaping correclty.
+ * @param javaScript
+ * @return
+ */
+ public static String escapeJavaScriptForChain(String javaScript)
+ {
+ // first replace \' with \\'
+ String escaped = StringUtils.replace(javaScript, "\\'", "\\\\'");
+
+ // then replace ' with \'
+ // (this will replace every \' in the original to \\\')
+ escaped = StringUtils.replace(escaped, '\'', "\\'");
+
+ return escaped;
+ }
+
+ /**
*
*
* @param facesContext