[
https://issues.apache.org/jira/browse/VELTOOLS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467120
]
Christopher Schultz commented on VELTOOLS-52:
---------------------------------------------
I'm not sure if this is fixed, and I'm a little confused, actually.
I have a 'validwhen' test that looks like this in my validator config file:
( ( ( ( premature == null ) and ( *this* == null ) ) or ( premature == 'false'
) ) or ( ( premature == 'true' ) and ( *this* != null ) ) )
(it requires the current field if the the value of another radio button field
is 'true')
When rendered in javascript, this is the code that gets emitted in
myForm_integerValidations:
this.a1 = new Array("prematurityWeeks", "The field premature weeks must be
an integer.", new Function ("varName", "this.test='( ( ( ( premature == null )
and ( *this* == null ) ) or ( premature == \'false\' ) ) or ( ( premature ==
\'true\' ) and ( *this* != null ) ) )'; return this[varName];"));
If you look, you'll see that the second argument to "new Function" is a
double-quoted string. That double-quoted string contains a single-quoted string
which contains the test from my config file which has it's single quotes
escaped. This looks right to me.
But, it fails in Mozilla Firefox (2.0.0.1). I can't see anything in MSIE 7...
the javascript does not appear to run at all (all attempts to see what's going
on fail).
Here is the error:
Error: missing ; before statement
Source File: http://[host]/[action].do
Line: 186, Column: 83
Source Code:
this.test='( ( ( ( premature == null ) and ( *this* == null ) ) or ( premature
== 'false' ) ) or ( ( premature == 'true' ) and ( *this* != null ) ) )';
return this[varName];
Note that the escape characters are missing.
I'm not javascript expert, but I'm guessing that we're trying to create a new
function with the second argument as the code of that function. That means that
the code within that argument will be executed in order to set "this.test" on
the validator object to the text that I have in my configuration file.
Somewhere along the way, the escaping is being removed.
Is it possible that those single-quotes need to be double-escaped due to a
second round of string-processing done by the javascript processor?
> ValidatorTool javascript generator can generate invalid Javascript
> ------------------------------------------------------------------
>
> Key: VELTOOLS-52
> URL: https://issues.apache.org/jira/browse/VELTOOLS-52
> Project: Velocity Tools
> Issue Type: Bug
> Components: VelocityStruts
> Affects Versions: 1.2
> Environment: Using JDK1.4.2 / Linux 2.4 kernel / Tomcat 4.1
> Reporter: Christopher Schultz
> Assigned To: Nathan Bubna
> Fix For: 1.2
>
> Attachments: ValidatorTool.diff
>
>
> ValidatorTool can create invalid javascript in a few situations.
> Here is an example of such a situation and also an example of the invalid
> javascript it generates.
> Suppose you have the following dynamic action form validation rules defined
> (this is actually text field which is intended to be used as an "other" input
> when a drop-down has the value of "Other").
> <pre>
> <field property="selectOther"
> depends="validwhen,maxlength"
> page="1">
> <arg0 key="prompt.selectOther"/>
> <arg1 name="maxlength" key="${var:maxlength}" resource="false" />
> <var><var-name>maxlength</var-name><var-value>255</var-value></var>
> <var>
> <var-name>test</var-name>
> <var-value>
> (((select == "Other") and (*this* != null)) or
> (select != "Other"))
> </var-value>
> </var>
> </field>
> </pre>
> When ValidatorTool generates Javascript for this, you get the following:
> <pre>
> .
> .
> .
> this.a3 = new Array("orgTypeOther", "The field Organization Type cannot
> be greater than 255 characters.", new Function ("varName",
> "this.maxlength='255'; this.test='(((orgType == "Other") and (*this* !=
> null)) or
> (orgType != "Other"))'; return this[varName];"));
> .
> .
> .
> </pre>
> Note that there is a newline in the string literal (invalid) and that the
> double-quotes used in my "validwhen" rule have not been escaped, which
> prematurely ends the double-quoted string starting with
> <code>"this.maxlength</code>, which really confuses the Javascript
> interpreter.
> It turns out that switching from double-quotes to single-quotes doesn't help,
> since there are also single-quoted strings within that double-quoted string,
> so basically it won't work no matter what you do (since backslash-escaping
> the quotes will cause the validwhen test itself to become invalid.
> I see two solutions: properly escape the variable values being dumped into
> Javascript, or avoid adding the "test" variable to the Javascript, since it
> will be ignored, anyway.
> I propose fixing the escaping, since there may be other validator "var"
> values with this same problem.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
