Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

JhtmlBehavior - improve _getJSObject #1434

Closed
wants to merge 4 commits into from

4 participants

@okonomiyaki3000

This function has several flaws which I think I've solved. I think that with a little more work I can eliminate it entirely as json_encode() should be used whenever possible.

okonomiyaki3000 added some commits
@okonomiyaki3000 okonomiyaki3000 Fixed several flaws in JHTMLBehavior::_getJSObject:
1) fullScreen was used whenever !is_null($array['fullScreen']) (in otherwords, even if set to false)
2) if $array contained keys 'fullScreen' and 'size', the result was invalid js
3) JSON keys not quoted (possible unexpected behavior)
2055f2e
@okonomiyaki3000 okonomiyaki3000 Removed trailing whitespace 5e9e8a5
@okonomiyaki3000

I changed my mind about removing it entirely. There are too many cases of things being passed with the \ prefix. That practice would need to be deprecated first. It could, perhaps, be purged from all Joomla code but there's no way to know if 3rd parties are making use of it.

In any case, it does not affect this patch as the \ behavior is still supported here.

@realityking
Collaborator

Why would we remove the use of \? The whole reason that method exists is to support data types beyond those that are handled by JSON.

@okonomiyaki3000

In my opinion, there are better ways to support types such as functions while letting json_encode take care of whatever it possibly can. But I suppose the \ solution is one that has worked well and maybe shouldn't be changed.

@LouisLandry

Good cleanup. If you can rebase it so that it merges cleanly I'll get it merged in this weekend. Thanks a bunch Elijah.

@okonomiyaki3000

Sorry, I'm on Japan time. It'll have to wait till Monday.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Aug 6, 2012
  1. @okonomiyaki3000

    Fixed several flaws in JHTMLBehavior::_getJSObject:

    okonomiyaki3000 authored
    1) fullScreen was used whenever !is_null($array['fullScreen']) (in otherwords, even if set to false)
    2) if $array contained keys 'fullScreen' and 'size', the result was invalid js
    3) JSON keys not quoted (possible unexpected behavior)
  2. @okonomiyaki3000
Commits on Aug 19, 2012
  1. @eddieajau

    Merge pull request #1473 from elinw/patch-10

    eddieajau authored
    Fix a grammar mistake in a comment
Commits on Aug 20, 2012
  1. @okonomiyaki3000

    cleanup for merge

    okonomiyaki3000 authored
This page is out of date. Refresh to see the latest.
Showing with 35 additions and 31 deletions.
  1. +35 −31 libraries/joomla/html/html/behavior.php
View
66 libraries/joomla/html/html/behavior.php
@@ -809,6 +809,10 @@ public static function noframes()
/**
* Internal method to get a JavaScript object notation string from an array
*
+ * This function differs from json_encode() in two important ways:
+ * 1) If the array contains a key 'fullScreen', the resulting object will have a property 'size' which will be an object with properties 'x' and 'y'
+ * 2) Any elements in the array beginning with '\' will not be encoded, '\' will be stripped and they will be inserted as-is
+ *
* @param array $array The array to convert to JavaScript object notation
*
* @return string JavaScript object notation representation of the array
@@ -817,56 +821,56 @@ public static function noframes()
*/
protected static function _getJSObject($array = array())
{
- $object = '{';
+ // Make sure we have an array
+ $array = (array) $array;
+
+ // Handle special case: fullScreen
+ if (isset($array['fullScreen']) && $array['fullScreen'])
+ {
+ $array['size'] = '\\{"x": window.getSize().x-80, "y": window.getSize().y-80}';
+ $array['fullScreen'] = null;
+ }
- // Iterate over array to build objects
- foreach ((array) $array as $k => $v)
+ $elements = array();
+ foreach ($array as $k => $v)
{
- if (is_null($v))
+ // Don't encode either of these types
+ if (is_null($v) || is_resource($v))
{
continue;
}
+ // Safely encode as a Javascript string
+ $key = json_encode((string) $k);
+
if (is_bool($v))
{
- if ($k === 'fullScreen')
+ $elements[] = $key . ': ' . ($v ? 'true' : 'false');
+ }
+ elseif (is_numeric($v))
+ {
+ $elements[] = $key . ': ' . ($v + 0);
+ }
+ elseif (is_string($v))
+ {
+ if (strpos($v, '\\') === 0)
{
- $object .= 'size: { ';
- $object .= 'x: ';
- $object .= 'window.getSize().x-80';
- $object .= ',';
- $object .= 'y: ';
- $object .= 'window.getSize().y-80';
- $object .= ' }';
- $object .= ',';
+ // Items such as functions and JSON objects are prefixed with \, strip the prefix and don't encode them
+ $elements[] = $key . ': ' . substr($v, 1);
}
else
{
- $object .= ' ' . $k . ': ';
- $object .= ($v) ? 'true' : 'false';
- $object .= ',';
+ // The safest way to insert a string
+ $elements[] = $key . ': ' . json_encode((string) $v);
}
}
- elseif (!is_array($v) && !is_object($v))
- {
- $object .= ' ' . $k . ': ';
- $object .= (is_numeric($v) || strpos($v, '\\') === 0) ? (is_numeric($v)) ? $v : substr($v, 1) : "'" . $v . "'";
- $object .= ',';
- }
else
{
- $object .= ' ' . $k . ': ' . self::_getJSObject($v) . ',';
+ $elements[] = $key . ': ' . self::_getJSObject($v);
}
}
- if (substr($object, -1) == ',')
- {
- $object = substr($object, 0, -1);
- }
-
- $object .= '}';
-
- return $object;
+ return '{' . implode(',', $elements) . '}';
}
/**
Something went wrong with that request. Please try again.