Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-3708

XWiki core apis to encode text to be inserted in javascript calls

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.8.2
    • Fix Version/s: None
    • Component/s: {Unused} APIs
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      If you want to insert a text string inside a js call in a tag or in a function you need some encoding.

      For example

      #set($text = $util.getJSEncoded($mytext))
      <input type="button" name="a" value="" onclick="alert('$text'); callfunction('$text');" />

      I propose the following code:

      public String getJSEncoded(String origtext)

      { String text = origtext.replaceAll("\\\\", "\\\\"); text = text.replaceAll("'", "\\\\'"); text = text.replaceAll("\"", "\\\\x22"); return text; }

      See sample on http://incubator.myxwiki.org/xwiki/bin/edit/Test/TestJSEncoding

      1 JS Encoding
      
      <%
      
         def getJSEncoded(String origtext) {
      		String text = origtext.replaceAll("\\\\", "\\\\");
      		text = text.replaceAll("'", "\\\\'");
      		text = text.replaceAll("\"", "\\\\x22");
      		return text; 
         }
      
       text = getJSEncoded("c'est l'été \"test\"")
      %>
      {pre}
      <input type="button" name="a" value="click" onclick="alert('$text');" />
      {/pre}
      

        Attachments

          Activity

            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              ludovic Ludovic Dubost
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: