You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mississippi John Hurt <jo...@gmail.com> on 2006/12/01 19:35:48 UTC
HTML Input field event with ' (quote) in name of var being set breaking javascript var assignment
Hi,
I have onclick handler which sets a form property via javascript. Problem is
when the myWeirdName has a quote in the name, this breaks my javascript
handling below. Can anyone help me get around this easily? Thanks.
<input type="image" onclick="strutsForm.myActionProp.value='takeaction';
strutsForm.myNameProp.value='<c:out value="${result.myWeirdName}"/>'; return
true" property="takeaction" src="button.gif" >
Re: HTML Input field event with ' (quote) in name of var being set
breaking javascript var assignment
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
Mississippi John Hurt wrote:
> I have onclick handler which sets a form property via javascript.
> Problem is when the myWeirdName has a quote in the name, this breaks
> my javascript handling below.
I had this same problem using Velocity Tools (instead of JSP) and it was
discussed in this bug here: http://issues.apache.org/jira/browse/VELTOOLS-52
I believe that Niall Pemberton "ported" the fix over to the Struts tag
library last November. Is your current version of Struts more recent
than that? If not, you may have to upgrade to get the fix.
If it's still broken, then apparently we missed something.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFcH059CaO5/Lv0PARAs5QAKCu56H7HBUIUydiW0NemBXyOxpzOwCfayDM
do2e6mRNAMWS8Q1NCJLngbo=
=11xR
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: HTML Input field event with ' (quote) in name of var being set
breaking javascript var assignment
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
Mississippi John Hurt wrote:
> I notice if the quote is escaped as... \'
> then it works fine, the problem is it will display wrong looking exactly
> like above, so I have to escape it 2 different ways...
Yeah, that's pretty much the deal. You want to do "javascript escaping",
not "HTML escaping". That's often inconvenient.
However, you know that the content will be going into the "onclick"
attribute, which will always be javascript. You ought to be able to
javascript-escape it first, then HTML escape it (to catch any of those
pesky non-HTML characters you might want to display).
> Using ' the default in most cases, but using the \' just for this
> javascript workaround.
> Is this correct, there's got to be a better way. I dont want to have 2
> versions of the same name (coming from the db).
No, you're right: separate storage is a kludge and a mistake. On-the-fly
escaping is the way to do it. You might have to write your own method in
your JSP, or your own tool that lives in the application scope, or your
own tag that does this kind of thing.
Have you searched to see if there are appropriate tags that already
exist? For instance, the Struts tags for dealing with validation might
be a good place to start (which is what I was recommending at first).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFcJXh9CaO5/Lv0PARAtVBAKCMHaZFvhcrEUpzruSkwiDleloXWgCgl62S
7AD5fvFrHESWPIv3N2eW2bo=
=w3v2
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: HTML Input field event with ' (quote) in name of var being set breaking javascript var assignment
Posted by Mississippi John Hurt <jo...@gmail.com>.
I notice if the quote is escaped as... \'
then it works fine, the problem is it will display wrong looking exactly
like above, so I have to escape it 2 different ways...
Using ' the default in most cases, but using the \' just for this
javascript workaround.
Is this correct, there's got to be a better way. I dont want to have 2
versions of the same name (coming from the db).
On 12/1/06, Mississippi John Hurt <jo...@gmail.com> wrote:
>
> Actually its escaping it fine but it just doesnt work... The rendered html
> looks like... Can anyone spot what's wrong? Don't see why this wouldn't set
> the myNameProp.
>
> <input type="image" onclick=
> "strutsForm.myActionProp.value='takeaction';
> strutsForm.myNameProp.value='NameBeforeQuote'AfterQuote'; return true;"/>
>
>
> On 12/1/06, Christopher Schultz <ch...@christopherschultz.net> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > John,
> >
> > Mississippi John Hurt wrote:
> > > <input type="image" onclick="strutsForm.myActionProp.value='takeaction
> > ';
> > > strutsForm.myNameProp.value=' <c:out value="${result.myWeirdName}"/>';
> > > return
> > > true" property="takeaction" src="button.gif" >
> >
> > Sorry, I didn't see that you were using <c:out>. Is there a Struts tag
> > that can help you with this?
> >
> > If not, you might have to do it yourself by writing a short escaping
> > routine. You can even use the routine used in the patches to the bug I
> > mentioned in my last post.
> >
> > - -chris
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFFcH2k9CaO5/Lv0PARAtaFAJ9mZh3zmhkjIpCNg2HNrhHmFgCHwACaA8vA
> > TBRXD56KDBA4sHvCUZ44BQ8=
> > =KHXN
> > -----END PGP SIGNATURE-----
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
Re: HTML Input field event with ' (quote) in name of var being set breaking javascript var assignment
Posted by Mississippi John Hurt <jo...@gmail.com>.
Actually its escaping it fine but it just doesnt work... The rendered html
looks like... Can anyone spot what's wrong? Don't see why this wouldn't set
the myNameProp.
<input type="image" onclick="strutsForm.myActionProp.value='takeaction';
strutsForm.myNameProp.value='NameBeforeQuote'AfterQuote'; return true;"/>
On 12/1/06, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> John,
>
> Mississippi John Hurt wrote:
> > <input type="image" onclick="strutsForm.myActionProp.value='takeaction';
> > strutsForm.myNameProp.value='<c:out value="${result.myWeirdName}"/>';
> > return
> > true" property="takeaction" src="button.gif" >
>
> Sorry, I didn't see that you were using <c:out>. Is there a Struts tag
> that can help you with this?
>
> If not, you might have to do it yourself by writing a short escaping
> routine. You can even use the routine used in the patches to the bug I
> mentioned in my last post.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFcH2k9CaO5/Lv0PARAtaFAJ9mZh3zmhkjIpCNg2HNrhHmFgCHwACaA8vA
> TBRXD56KDBA4sHvCUZ44BQ8=
> =KHXN
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: HTML Input field event with ' (quote) in name of var being set
breaking javascript var assignment
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
Mississippi John Hurt wrote:
> <input type="image" onclick="strutsForm.myActionProp.value='takeaction';
> strutsForm.myNameProp.value='<c:out value="${result.myWeirdName}"/>';
> return
> true" property="takeaction" src="button.gif" >
Sorry, I didn't see that you were using <c:out>. Is there a Struts tag
that can help you with this?
If not, you might have to do it yourself by writing a short escaping
routine. You can even use the routine used in the patches to the bug I
mentioned in my last post.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFcH2k9CaO5/Lv0PARAtaFAJ9mZh3zmhkjIpCNg2HNrhHmFgCHwACaA8vA
TBRXD56KDBA4sHvCUZ44BQ8=
=KHXN
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org