[
https://issues.apache.org/jira/browse/VELTOOLS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467200
]
Christopher Schultz commented on VELTOOLS-52:
---------------------------------------------
Since I'm the only one who has ever really noticed this, I don't think that
blocking veltools-1.3 is necessary.
> ValidatorTool javascript generator can generate invalid Javascript
> ------------------------------------------------------------------
>
> Key: VELTOOLS-52
> URL: https://issues.apache.org/jira/browse/VELTOOLS-52
> Project: Velocity Tools
> Issue Type: Bug
> Components: VelocityStruts
> Affects Versions: 1.2
> Environment: Using JDK1.4.2 / Linux 2.4 kernel / Tomcat 4.1
> Reporter: Christopher Schultz
> Assigned To: Nathan Bubna
> Fix For: 1.2
>
> Attachments: ValidatorTool.diff
>
>
> ValidatorTool can create invalid javascript in a few situations.
> Here is an example of such a situation and also an example of the invalid
> javascript it generates.
> Suppose you have the following dynamic action form validation rules defined
> (this is actually text field which is intended to be used as an "other" input
> when a drop-down has the value of "Other").
> <pre>
> <field property="selectOther"
> depends="validwhen,maxlength"
> page="1">
> <arg0 key="prompt.selectOther"/>
> <arg1 name="maxlength" key="${var:maxlength}" resource="false" />
> <var><var-name>maxlength</var-name><var-value>255</var-value></var>
> <var>
> <var-name>test</var-name>
> <var-value>
> (((select == "Other") and (*this* != null)) or
> (select != "Other"))
> </var-value>
> </var>
> </field>
> </pre>
> When ValidatorTool generates Javascript for this, you get the following:
> <pre>
> .
> .
> .
> this.a3 = new Array("orgTypeOther", "The field Organization Type cannot
> be greater than 255 characters.", new Function ("varName",
> "this.maxlength='255'; this.test='(((orgType == "Other") and (*this* !=
> null)) or
> (orgType != "Other"))'; return this[varName];"));
> .
> .
> .
> </pre>
> Note that there is a newline in the string literal (invalid) and that the
> double-quotes used in my "validwhen" rule have not been escaped, which
> prematurely ends the double-quoted string starting with
> <code>"this.maxlength</code>, which really confuses the Javascript
> interpreter.
> It turns out that switching from double-quotes to single-quotes doesn't help,
> since there are also single-quoted strings within that double-quoted string,
> so basically it won't work no matter what you do (since backslash-escaping
> the quotes will cause the validwhen test itself to become invalid.
> I see two solutions: properly escape the variable values being dumped into
> Javascript, or avoid adding the "test" variable to the Javascript, since it
> will be ignored, anyway.
> I propose fixing the escaping, since there may be other validator "var"
> values with this same problem.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
