[Jifty-commit] r3168 - jifty/trunk/lib/Jifty/Web/Form
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Thu Apr 26 08:59:35 EDT 2007
Author: audreyt
Date: Thu Apr 26 08:59:34 2007
New Revision: 3168
Modified:
jifty/trunk/lib/Jifty/Web/Form/Element.pm
Log:
* Jifty::Web::Form::Element - All direct-javascript-injection into HTML
needs to be properly HTML escaped. This fixes the case where there are
e.g. double quotes and ampersands in prompt()/keybinding data, and
makes the bogus-Unicode-double-decoding bug in IE go away.
* Also, prompt() support was broken in IE as clicking "cancel" will still
submit the action anyway; an "Event.stop(event);" corrected this.
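--- a/jifty/trunk/lib/Jifty/Web/Form/Element.pm
+++ b/jifty/trunk/lib/Jifty/Web/Form/Element.pm
@@ -309,11 +309,11 @@
 my $string = join ";", (grep {not ref $_} (ref $value eq "ARRAY" ? @{$value} : ($value)));
 if (@fragments or %actions) {
-my $update = "update( ". Jifty::JSON::objToJson( {actions => \%actions, fragments => \@fragments }, {singlequote => 1}) .", this );";
+my $update = Jifty->web->escape("update( ". Jifty::JSON::objToJson( {actions => \%actions, fragments => \@fragments }, {singlequote => 1}) .", this );");
 $string .= $self->javascript_preempt ? "return $update" : "$update; return true;";
 }
 if ($confirm) {
-$string = "if(!confirm(" . Jifty::JSON::objToJson($confirm, {singlequote => 1}) . ")) return false;" . $string;
+$string = Jifty->web->escape("if(!confirm(" . Jifty::JSON::objToJson($confirm, {singlequote => 1}) . ")) { Event.stop(event); return false }") . $string;
 }
 $response .= qq| $trigger="$string"|;
 }
@@ -389,7 +389,7 @@
 Jifty->web->out(
 '<script type="text/javascript"><!--' .
 "\n" .
-$self->key_binding_javascript .
+Jifty->web->escape($self->key_binding_javascript).
 "\n" .
 "--></script>");
 return '';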
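Review bot: Wrapping the whole `<script>` body in `Jifty->web->escape` (second hunk, the `key_binding_javascript` line) applies what is presumably HTML-entity escaping in a context where entities are only decoded if the page is parsed as XML; under text/html the content of a script element is raw text, so any `&`, `"` or `<` the generated JavaScript contains reaches the interpreter as a literal entity (`a && b` becomes `a &amp;&amp; b`). Unless Jifty serves these pages as application/xhtml+xml, the prompt/keybinding data should instead be escaped at the JavaScript-string level when `key_binding_javascript` is built (the `objToJson` route the first hunk already uses, with quotes and non-ASCII emitted as JavaScript escapes if the encoder supports it) and the script body left unescaped. In the first hunk the escape is applied to the `$update` and `$confirm` fragments but not to the `$value`-derived part of `$string` on its first line, although all of it lands inside `$trigger="$string"`; escaping once at the output, `$response .= qq| $trigger="| . Jifty->web->escape($string) . '"';`, would cover every part uniformly, provided no caller already passes pre-escaped handler text. Both hunks sit inside subroutines whose start and end lie outside the diff.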