Posted to dev@struts.apache.org by ni...@apache.org on 2005/11/07 14:24:04 UTC
svn commit: r331265 -
/struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
Author: niallp
Date: Mon Nov 7 05:23:54 2005
New Revision: 331265
URL: http://svn.apache.org/viewcvs?rev=331265&view=rev
Log:
Port fix for Bug 37131 to 1.2.x branch - Escape newlines in the Validator variables - code copied from Velocity Tools project (see JIRA issue VELTOOLS-52), thanks to Christopher Schultz and Nathan Bubna.
Modified:
struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
Modified: struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
URL: http://svn.apache.org/viewcvs/struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java?rev=331265&r1=331264&r2=331265&view=diff
==============================================================================
--- struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java (original)
+++ struts/core/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java Mon Nov 7 05:23:54 2005
@@ -517,8 +517,7 @@
continue;
}
- String varValueEscaped = ValidatorUtils.replace(varValue, "\\", "\\\\");
- varValueEscaped = ValidatorUtils.replace(varValueEscaped, "\"", "\\\"");
+ String varValueEscaped = escapeJavascript(varValue);
if (Var.JSTYPE_INT.equalsIgnoreCase(jsType)) {
results.append(
@@ -587,6 +586,51 @@
}
return buffer.toString();
+ }
+
+ /**
+ * <p>Backslash-escapes the following characters from the input string:
+ * ", ', \, \r, \n.</p>
+ *
+ * <p>This method escapes characters that will result in an invalid
+ * Javascript statement within the validator Javascript.</p>
+ *
+ * @param str The string to escape.
+ * @return The string <code>s</code> with each instance of a double quote,
+ * single quote, backslash, carriage-return, or line feed escaped
+ * with a leading backslash.
+ *
+ * @since Struts 1.2.8
+ */
+ private String escapeJavascript(String str)
+ {
+ if (str == null)
+ {
+ return null;
+ }
+ int length = str.length();
+ if (length == 0)
+ {
+ return str;
+ }
+
+ // guess at how many chars we'll be adding...
+ StringBuffer out = new StringBuffer(length + 4);
+ // run through the string escaping sensitive chars
+ for (int i=0; i < length; i++)
+ {
+ char c = str.charAt(i);
+ if (c == '"' ||
+ c == '\'' ||
+ c == '\\' ||
+ c == '\n' ||
+ c == '\r')
+ {
+ out.append('\\');
+ }
+ out.append(c);
+ }
+ return out.toString();
}
/**
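Review bot: In `escapeJavascript` the `'\n'` and `'\r'` cases emit a backslash followed by the raw line terminator. Engines that accept this treat it as a line continuation, so the statement parses but the newline is dropped from the variable's value instead of being preserved. Emitting the two-character sequences `\n` and `\r` keeps the value intact; the loop below shows that shape. The method also passes `</script>` and U+2028/U+2029 through unchanged, which matters only if a validator variable can carry text not written by the application's developers. That is worth confirming, since the output appears to be written into an inline script block. Separately, the Javadoc `@return` names `<code>s</code>` while the parameter is `str`.

```java
// … unchanged: null and empty-string guards, StringBuffer allocation …
for (int i=0; i < length; i++)
{
    char c = str.charAt(i);
    switch (c)
    {
        case '\n':
            out.append("\\n");   // backslash + 'n', not backslash + raw LF
            break;
        case '\r':
            out.append("\\r");   // backslash + 'r', not backslash + raw CR
            break;
        case '"':
        case '\'':
        case '\\':
            out.append('\\').append(c);
            break;
        default:
            out.append(c);
    }
}
// … unchanged: return out.toString() …
```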