Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

value binding should no longer escape values of select controls by de…

…fault
  • Loading branch information...
commit 53ce1eed5b7dac964475aa119ed801d49470b5f0 1 parent 2d8d636
politician authored
Showing with 75 additions and 4 deletions.
  1. +8 −4 outback.js
  2. +67 −0 spec/bindings/value.spec.js
View
12 outback.js
@@ -751,7 +751,7 @@
form elements such as <input>, <select> and <textarea>.
*/
Backbone.outback.bindingHandlers['value'] = (function() {
- function optionsFor(valueAccessor, allBindingsAccessor) {
+ function optionsFor(element, valueAccessor, allBindingsAccessor) {
var config, options;
config = {
@@ -761,6 +761,10 @@
previewError: true
};
+ if ($(element).filter('select').size() > 0) {
+ config.escape = false;
+ }
+
options = allBindingsAccessor('valueOptions');
if(options && hop(options, 'escape')) {
config.escape = !!options.escape;
@@ -780,7 +784,7 @@
return {
init: function (element, valueAccessor, allBindingsAccessor, view) {
var config, writeOptions;
- config = optionsFor(valueAccessor, allBindingsAccessor);
+ config = optionsFor(element, valueAccessor, allBindingsAccessor);
writeOptions = {
silent: config.silent,
@@ -795,7 +799,7 @@
},
update: function (element, valueAccessor, allBindingsAccessor, view) {
var config, value, readOptions;
- config = optionsFor(valueAccessor, allBindingsAccessor);
+ config = optionsFor(element, valueAccessor, allBindingsAccessor);
readOptions = {escape: config.escape};
@@ -804,7 +808,7 @@
},
remove: function (element, valueAccessor, allBindingsAccessor, view) {
var config;
- config = optionsFor(valueAccessor, allBindingsAccessor);
+ config = optionsFor(element, valueAccessor, allBindingsAccessor);
$(element).off(config.eventName);
},
View
67 spec/bindings/value.spec.js
@@ -80,6 +80,73 @@ describe('the value binding', function() {
});
+ describe('should work with select controls with multiple="multiple"', function() {
+
+ beforeEach(function() {
+ this.model = new AModel({car: 'volvo'});
+ this.view = new FixtureView({model: this.model});
+ _.extend(this.view, {
+ innerHtml:
+ "<select type='text' multiple='multiple' data-bind='value: @car'> \
+ <option value='volvo'>Volvo</option>\
+ <option value='saab'>Saab</option>\
+ <option value='mercedes'>Mercedes</option>\
+ <option value='audi'>Audi</option>\
+ </select>"
+ })
+
+ this.view.render();
+ this.el = this.view.$('#anchor select');
+ });
+
+ afterEach(function() {
+ this.view.remove();
+ })
+
+ it('should update the value of the DOM element when the model changes', function() {
+ expect(this.el.size() > 0).toBeTruthy();
+ expect(this.el.val()).toContain('volvo');
+
+ this.model.set({car: 'saab'});
+
+ expect(this.el.val()).toContain('saab');
+ });
+
+ it('should update the model when the value of the DOM element changes', function() {
+ expect(this.el.size() > 0).toBeTruthy();
+ expect(this.el.val()).toContain('volvo');
+
+ this.el.val('saab');
+ this.el.trigger('change');
+
+ expect(this.model.get('car')).toContain('saab');
+ });
+
+ it('should select multiple DOM elements when the model is set to an array', function() {
+ expect(this.el.size() > 0).toBeTruthy();
+ expect(this.el.val()).toContain('volvo');
+
+ this.model.set({car: ['saab','audi']});
+
+ var val = this.el.val();
+ expect(val).not.toBeNull();
+ expect(val).toContain('saab');
+ expect(val).toContain('audi');
+ });
+
+ it('should set the model to an array when multiple options in the DOM are selected', function() {
+ expect(this.el.size() > 0).toBeTruthy();
+ expect(this.el.val()).toContain('volvo');
+
+ this.el.val(['saab','audi']);
+ this.el.trigger('change');
+
+ var val = this.model.get('car');
+ expect(val).toContain('saab');
+ expect(val).toContain('audi');
+ });
+ });
+
describe('helps prevent XSS attacks', function() {
var xssPayload = "<script>(function() { var xss = 'in ur page, hackin ur users'; })();</script>";
var xssPayloadEscaped = '&lt;script&gt;(function() { var xss = &#x27;in ur page, hackin ur users&#x27;; })();&lt;&#x2F;script&gt;'
Please sign in to comment.
Something went wrong with that request. Please try again.