
bugfix: escape html entities when populating the textbox to edit.

1 parent a091d41 commit 0db18bd49c55f82eba3a59869b994a319a02bf0b @reednj committed Jan 4, 2011
Showing with 45 additions and 9 deletions.
  1. +36 −1 Source/InlineEditor.js
  2. +9 −8 Test/simpletest.html
@@ -80,6 +80,7 @@ var InlineEditor = new Class({
// finally we insert the new link and form elements into the orginal elem that
// was passed in..
this.element.empty().grab(this.edit_link).grab(this.edit_form );
+
},
_create_form: function() {
@@ -103,6 +104,7 @@ var InlineEditor = new Class({
]
});
+
},
_create_input: function() {
@@ -123,7 +125,7 @@ var InlineEditor = new Class({
// init the edit textbox with the correct value etc
- this.edit_input.value = this.current_text;
+ this.edit_input.value = this.current_text.unescapeHTML();
// these buttons might be in the wrong state from last time so we reset them
this.save_button.value = this._save_button_msg;
@@ -307,3 +309,36 @@ Number.implement({ format: function(decimals, dec_point, thousands_sep) {
(decimals && matches[3]? dec_point + (+ matches[3] || 0).round(decimals).toString().substr(2) : '');
}});
+
+String.implement({
+ // from: http://www.codecodex.com/wiki/Escape_HTML_Specials
+ escapeHTML: function()
+ {
+ var Escaped = ""
+ var Str = this;
+
+ for (var i = 0; i < Str.length; ++i)
+ {
+ var ThisCh = Str.charAt(i);
+
+ if (ThisCh == "&") {
+ ThisCh = "&amp;"
+ } else if (ThisCh == "<") {
+ ThisCh = "&lt;"
+ } else if (ThisCh == "\"") {
+ ThisCh = "&quot;"
+ } else if (ThisCh == ">") {
+ ThisCh = "&gt;"
+ }
+
+ Escaped += ThisCh
+ }
+
+ return Escaped;
+ },
+
+ unescapeHTML: function()
+ {
+ return this.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"');
+ }
+});
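Review bot: `unescapeHTML` decodes only the first occurrence of each entity, because `replace` with a string pattern stops after one match, so text such as `a &amp; b &amp; c` reaches the textbox half-decoded. It also decodes `&amp;` first, which turns a literal `&amp;lt;` into `<` rather than `&lt;`; global patterns with `&amp;` handled last avoid both: `return this.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"').replace(/&amp;/g, '&');`. `escapeHTML` is added but no visible hunk calls it, and the textbox now holds decoded text, so the save path (outside these hunks) should write the value back through `escapeHTML()` or as plain text; otherwise a typed `<` or `>` would presumably be parsed as markup. `escapeHTML` also leaves `'` unescaped, which matters if its output is ever placed in a single-quoted attribute like the ones the test page uses.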
@@ -18,7 +18,7 @@
font-size: 16pt;
margin: 96px;
}
-
+
.editable-dd div {
display:none;
}
@@ -32,34 +32,34 @@
$$('.editable').each(function(item) {
new InlineEditor(item);
});
-
+
$$('.editable-dd').each(function(item) {
new InlineEditor.Combo(item);
});
-
+
new InlineEditor.Combo('edit-combo', {
data: {'id': 14, 'name':'nathan'},
options_list: [
{'text':'eins', 'value':'1'},
{'text':'zwei', 'value':'2'},
{'text':'drei', 'value':'3', 'selected':true}
]});
-
+
new InlineEditor('extra-data', {
data: {
'user_id': 125,
'hash_code': 'bd85c4ff64d38c081b1c0ec09f0076de7f233fbd'
}
});
-
+
new InlineEditor('empty-msg', {'empty_msg':'empty'});
-
+
new InlineEditor('no-url', {
onSuccess: function(new_text) {
alert(new_text);
}
});
-
+
new InlineEditor.Combo('color-select', {
onSuccess: function(new_text, new_value) {
$('color-target').setStyle('background-color', new_value);
@@ -75,14 +75,15 @@
</head>
<body>
-
+
<div id='t-body'>
<div class='editable' data-url='api/edittest.php?f=y' data-id='12'>this edit will fail</div>
<div class='editable' data-url='api/edittest.php?f=php' data-id='76'>php error</div>
<div class='editable' data-url='badurl.php'>404 error</div>
<br/>
<div class='editable' data-url='api/edittest.php' data-id='13'>nathan</div>
+<div class='editable' data-url='api/edittest.php' data-id='15'>lion &amp; nathan</div>
<div class='editable' data-url='api/edittest.php'>no id on this one</div>
<div class='editable' data-url='api/edittest.php'></div>
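Review bot: The added `lion &amp; nathan` row exercises a single `&amp;` only, so it passes even when repeated or nested entities are mishandled. A second row with several entities would cover the round trip through the textbox, for example (constructed sample, id chosen arbitrarily) `<div class='editable' data-url='api/edittest.php' data-id='16'>a &lt;b&gt; &amp; c &amp; d</div>`. After a save, the row should still display the literal characters and not render a `<b>` element.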
