Posted to commits@myfaces.apache.org by lu...@apache.org on 2011/01/13 03:29:32 UTC
svn commit: r1058392 - in /myfaces/shared/trunk/core/src:
main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java
Author: lu4242
Date: Thu Jan 13 02:29:32 2011
New Revision: 1058392
URL: http://svn.apache.org/viewvc?rev=1058392&view=rev
Log:
MYFACES-3007 HtmlRendererUtils: incorrect handling of JavaScript code containing quote (' " ') symbol
Modified:
myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java
Modified: myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java?rev=1058392&r1=1058391&r2=1058392&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java (original)
+++ myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java Thu Jan 13 02:29:32 2011
@@ -2232,15 +2232,48 @@ public final class HtmlRendererUtils {
* @param javaScript
* @return
*/
- public static String escapeJavaScriptForChain(String javaScript) {
+ public static String escapeJavaScriptForChain(String javaScript)
+ {
// first replace \' with \\'
- String escaped = StringUtils.replace(javaScript, "\\'", "\\\\'");
+ //String escaped = StringUtils.replace(javaScript, "\\'", "\\\\'");
// then replace ' with \'
// (this will replace every \' in the original to \\\')
- escaped = StringUtils.replace(escaped, '\'', "\\'");
-
- return escaped;
+ //escaped = StringUtils.replace(escaped, '\'', "\\'");
+
+ //return escaped;
+
+ StringBuffer out = null;
+ for (int pos = 0; pos < javaScript.length(); pos++)
+ {
+ char c = javaScript.charAt(pos);
+
+ if (c == '\\' || c == '\'')
+ {
+ if (out == null)
+ {
+ out = new StringBuffer(javaScript.length() + 8);
+ if (pos > 0)
+ {
+ out.append(javaScript, 0, pos);
+ }
+ }
+ out.append('\\');
+ }
+ if (out != null)
+ {
+ out.append(c);
+ }
+ }
+
+ if (out == null)
+ {
+ return javaScript;
+ }
+ else
+ {
+ return out.toString();
+ }
}
/**
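Review bot: The new loop escapes only `\` and `'`, so the result is safe to embed only inside a single-quoted JavaScript string literal; a raw line feed or carriage return in the input passes through unchanged and would still break such a literal. The Javadoc above the method has empty `@param`/`@return` tags, and the retained comments ("first replace \' with \\'") describe the commented-out two-pass replace rather than the loop. I would delete the commented-out lines and state the contract instead, e.g. `@return the input with every backslash and single quote prefixed by a backslash, for use inside a single-quoted JavaScript string literal; no other characters are escaped`. Separately, `javaScript.length()` throws on a null argument; whether the removed `StringUtils.replace` calls tolerated null is not visible here, so either confirm that callers never pass null or add `if (javaScript == null) return null;` at the top. The method's Javadoc begins outside this hunk.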
Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java?rev=1058392&r1=1058391&r2=1058392&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtilsTest.java Thu Jan 13 02:29:32 2011
@@ -77,4 +77,14 @@ public class HtmlRendererUtilsTest exten
"suppe"));
}
+
+ public void testEscapeJavaScriptForChain()
+ {
+
+ Assert.assertEquals("var foo = " \\\\" test "; alert(foo);", HtmlRendererUtils.escapeJavaScriptForChain("var foo = " \\" test "; alert(foo);"));
+
+ Assert.assertEquals("var foo = \\'bar \\'", HtmlRendererUtils.escapeJavaScriptForChain("var foo = 'bar '"));
+
+ Assert.assertEquals("var foo = \\'bar \\\\\\' \\'", HtmlRendererUtils.escapeJavaScriptForChain("var foo = 'bar \\' '"));
+ }
}
\ No newline at end of file
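Review bot: The three assertions in `testEscapeJavaScriptForChain` cover embedded quotes and an already-escaped quote, but nothing exercises the fast path where `out` stays null and the input is returned unchanged, nor a backslash that is not followed by a quote. I would add `Assert.assertEquals("alert(1);", HtmlRendererUtils.escapeJavaScriptForChain("alert(1);"));` and `Assert.assertEquals("a\\\\b", HtmlRendererUtils.escapeJavaScriptForChain("a\\b"));`, plus an empty-string case. As displayed, the literals in the first assertion contain unescaped double quotes and would not compile; this is presumably the mail archive dropping `\"` sequences, but it is worth checking against the committed file.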