You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by jo...@apache.org on 2009/12/01 22:34:28 UTC
svn commit: r885940 -
/incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js
Author: johnh
Date: Tue Dec 1 21:34:28 2009
New Revision: 885940
URL: http://svn.apache.org/viewvc?rev=885940&view=rev
Log:
Fix for flash embedding in IE. appendChild doesn't work for some odd reason, so innerHTML is required.
Modified:
incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js
Modified: incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js?rev=885940&r1=885939&r2=885940&view=diff
==============================================================================
--- incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js (original)
+++ incubator/shindig/trunk/features/src/main/javascript/features/flash/flash.js Tue Dec 1 21:34:28 2009
@@ -150,8 +150,20 @@
flashObj.setAttribute(prop, opt_params[prop]);
}
}
+ // Inject flash object
+ swfContainer.innerHTML = '';
+ swfContainer.appendChild(flashObj);
+ return true;
} else {
// Use <object> tag for IE
+ // For some odd reason IE demands that innerHTML be used to set <param>
+ // values; they're otherwise ignored. As such, we need to be careful
+ // what values we accept in opt_params to avoid it being possible to
+ // use this HTML generation for nefarious purposes.
+ var propIsHtmlSafe = function(val) {
+ return !/["<>]/.test(val);
+ }
+
opt_params.movie = swfUrl;
var attr = {
width: opt_params.width,
@@ -162,28 +174,30 @@
attr.id = opt_params.id;
}
- flashObj = document.createElement('object');
- flashObj.setAttribute('data', swfUrl);
+ var html = '<object';
for (var attrProp in attr) {
- if (!/___$/.test(attrProp)) {
- flashObj.setAttribute(attrProp, attr[attrProp]);
+ if (!/___$/.test(attrProp) &&
+ propIsHtmlSafe(attrProp) &&
+ propIsHtmlSafe(attr[attrProp])) {
+ html += ' ' + attrProp + '="' + attr[attrProp] + '"';
}
}
+ html += '>';
+
for (var paramsProp in opt_params) {
var param = document.createElement('param');
if (!/^swf_/.test(paramsProp) &&
!attr[paramsProp] &&
- !/___$/.test(paramsProp)) {
- param.setAttribute('name', paramsProp);
- param.setAttribute('value', opt_params[paramsProp]);
- flashObj.appendChild(param);
+ !/___$/.test(paramsProp) &&
+ propIsHtmlSafe(paramsProp) &&
+ propIsHtmlSafe(opt_params[paramsProp])) {
+ html += '<param name="' + paramsProp + '" value="'
+ + opt_params[paramsProp] + '" />';
}
}
+ html += '</object>';
}
- // Inject flash object
- swfContainer.innerHTML = '';
- swfContainer.appendChild(flashObj);
- return true;
+ swfContainer.innerHTML = html;
}
}
return false;