You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by hl...@apache.org on 2007/06/28 21:12:32 UTC

svn commit: r551664 - in /tapestry/tapestry5/trunk/tapestry-core/src: main/java/org/apache/tapestry/ main/java/org/apache/tapestry/validator/ main/resources/org/apache/tapestry/ test/java/org/apache/tapestry/ test/java/org/apache/tapestry/integration/

Author: hlship
Date: Thu Jun 28 12:12:31 2007
New Revision: 551664

URL: http://svn.apache.org/viewvc?view=rev&rev=551664
Log:
TAPESTRY-1610: Implement regular expression based input validation (client and server)

Modified:
    tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/TapestryUtils.java
    tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/validator/Regexp.java
    tapestry/tapestry5/trunk/tapestry-core/src/main/resources/org/apache/tapestry/tapestry.js
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/TapestryUtilsTest.java
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/integration/IntegrationTests.java

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/TapestryUtils.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/TapestryUtils.java?view=diff&rev=551664&r1=551663&r2=551664
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/TapestryUtils.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/TapestryUtils.java Thu Jun 28 12:12:31 2007
@@ -19,19 +19,44 @@
  */
 public class TapestryUtils
 {
+    private static final char APOS = '\'';
+
+    private static final char QUOTE = '"';
+
+    private static final char SLASH = '\\';
 
     /**
      * Quotes the provided value as a JavaScript string literal. The input value is surrounded by
-     * single quotes and any interior single or double quotes are escaped (a preceding backslash is
-     * added).
+     * single quotes and any interior backslash, single or double quotes are escaped (a preceding
+     * backslash is added).
      * 
      * @param text
      * @return quoted text
      */
     public static String quote(String text)
     {
-        // TODO: Lots more, and maybe use a regexp?
-        
-        return "'" + text.replace("'", "\\'").replace("\"", "\\\"") + "'";
+        StringBuilder result = new StringBuilder(text.length() * 2);
+
+        result.append(APOS);
+
+        for (char ch : text.toCharArray())
+        {
+            switch (ch)
+            {
+                case APOS:
+                case QUOTE:
+                case SLASH:
+
+                    result.append(SLASH);
+
+                default:
+                    result.append(ch);
+                    break;
+            }
+        }
+
+        result.append(APOS);
+
+        return result.toString();
     }
 }

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/validator/Regexp.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/validator/Regexp.java?view=diff&rev=551664&r1=551663&r2=551664
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/validator/Regexp.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry/validator/Regexp.java Thu Jun 28 12:12:31 2007
@@ -56,12 +56,10 @@
     public void render(Field field, Pattern constraintValue, MessageFormatter formatter,
             MarkupWriter writer, PageRenderSupport pageRenderSupport)
     {
-        String clientPattern = Pattern.quote(constraintValue.pattern());
-
         pageRenderSupport.addScript(
                 "Tapestry.Field.regexp('%s', %s, %s);",
                 field.getClientId(),
-                quote(clientPattern),
+                quote(constraintValue.pattern()),
                 quote(buildMessage(formatter, field, constraintValue)));
 
     }

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/resources/org/apache/tapestry/tapestry.js
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/resources/org/apache/tapestry/tapestry.js?view=diff&rev=551664&r1=551663&r2=551664
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/resources/org/apache/tapestry/tapestry.js (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/resources/org/apache/tapestry/tapestry.js Thu Jun 28 12:12:31 2007
@@ -153,8 +153,11 @@
   },
   
   regexp : function(field, pattern, message) {
+    var regexp = new RegExp(pattern);
+      
     Tapestry.addValidator(field, false, function(value, event) {
-      if (! new Pattern(pattern).matches(value))
+    
+      if (! regexp.test(value))
         event.recordError(message);
     });
   }  

Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/TapestryUtilsTest.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/TapestryUtilsTest.java?view=diff&rev=551664&r1=551663&r2=551664
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/TapestryUtilsTest.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/TapestryUtilsTest.java Thu Jun 28 12:12:31 2007
@@ -15,16 +15,26 @@
 package org.apache.tapestry;
 
 import org.testng.Assert;
+import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
 public class TapestryUtilsTest extends Assert
 {
-    @Test
-    public void string_quoting()
+    @Test(dataProvider = "string_quoting_input")
+    public void string_quoting(String input, String expected)
     {
-        assertEquals(
-                TapestryUtils.quote("Suzy said: \"It's not the proper time\"."),
-                "'Suzy said: \\\"It\\'s not the proper time\\\".'");
+        assertEquals(TapestryUtils.quote(input), expected);
+    }
 
+    @DataProvider(name = "string_quoting_input")
+    public Object[][] inputs()
+    {
+        return new Object[][]
+        {
+                { "Suzy said: \"It's not the proper time\".",
+                        "'Suzy said: \\\"It\\'s not the proper time\\\".'" },
+                { "regexp: \\d{4}", "'regexp: \\\\d{4}'" },
+
+        };
     }
 }

Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/integration/IntegrationTests.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/integration/IntegrationTests.java?view=diff&rev=551664&r1=551663&r2=551664
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/integration/IntegrationTests.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry/integration/IntegrationTests.java Thu Jun 28 12:12:31 2007
@@ -1088,7 +1088,7 @@
 
         type("zipCode", "abc");
 
-        clickAndWait(update);
+        click(update); // but don't wait
 
         assertTextPresent("A zip code consists of five or nine digits, eg: 02134 or 90125-4472.");