You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Leonardo Uribe (JIRA)" <de...@myfaces.apache.org> on 2008/08/07 20:04:44 UTC

[jira] Commented: (MYFACES-1818) JavascriptUtils.encodeString does not properly translate '\' characters into "\\" (2) characters

    [ https://issues.apache.org/jira/browse/MYFACES-1818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620700#action_12620700 ] 

Leonardo Uribe commented on MYFACES-1818:
-----------------------------------------

At first view, there are only 4 components that uses this method:

t:inputCalendar
t:inputHtml
t:jscookMenu
t:panelTab

if we allow encode a single "\" into two "\\" we could have code like this:

var a='\n';

into

var a ='\\n';

which it is not what should be. There is something missing in the description of problem.



> JavascriptUtils.encodeString does not properly translate '\' characters into "\\" (2) characters
> ------------------------------------------------------------------------------------------------
>
>                 Key: MYFACES-1818
>                 URL: https://issues.apache.org/jira/browse/MYFACES-1818
>             Project: MyFaces Core
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 1.1.5, 1.2.2
>         Environment: Standard
>            Reporter: Nicholas Hagen
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>
> JavascriptUtils.encodeString does not properly translate a single '\' backslash char into two "\\" backslash characters in order to properly escape the Javascript string.  The fix should be:
> public static String encodeString(String string)
>     {
>         if (string == null)
>         {
>             return "";
>         }
>         StringBuffer sb = null;	//create later on demand
>         String app;
>         char c;
>         for (int i = 0; i < string.length (); ++i)
>         {
>             app = null;
>             c = string.charAt(i);
>             switch (c)
>             {
>                 case '\\' : app = "\\\\";  break; // NJH - Use double backslash as output for single backslash rather than  single backslash for single backslash
>                 case '"' : app = "\\\"";  break;
>                 case '\'' : app = "\\'";  break;
>                 case '\n' : app = "\\n";  break;
>                 case '\r' : app = "\\r";  break;
>             }
>             if (app != null)
>             {
>                 if (sb == null)
>                 {
>                     sb = new StringBuffer(string.substring(0, i));
>                 }
>                 sb.append(app);
>             } else {
>                 if (sb != null)
>                 {
>                     sb.append(c);
>                 }
>             }
>         }
>         if (sb == null)
>         {
>             return string;
>         }
>         else
>         {
>             return sb.toString();
>         }
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.