[
https://issues.apache.org/jira/browse/VELTOOLS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467204
]
Nathan Bubna commented on VELTOOLS-52:
--------------------------------------
Glad to hear you don't think we should hold off on 1.3.
But so you don't feel too alone, know that i always assume that for each time a
problem is reported in open source software, there are 5 to 10 more times that
it is experienced but not reported. Not everyone takes time to improve
software by reporting problems. Many just fix it themselves, workaround it, or
ditch the library (depending on the severity of the issue of course).
Anyway, let me know if i can help you in figuring out where the bug is or
especially in fixing it. I don't have a ton of time (since i can't use
paid-work time on something the company isn't using), but i'd like to help
where i can.
> ValidatorTool javascript generator can generate invalid Javascript
> ------------------------------------------------------------------
>
> Key: VELTOOLS-52
> URL: https://issues.apache.org/jira/browse/VELTOOLS-52
> Project: Velocity Tools
> Issue Type: Bug
> Components: VelocityStruts
> Affects Versions: 1.2
> Environment: Using JDK1.4.2 / Linux 2.4 kernel / Tomcat 4.1
> Reporter: Christopher Schultz
> Assigned To: Nathan Bubna
> Fix For: 1.2
>
> Attachments: ValidatorTool.diff
>
>
> ValidatorTool can create invalid javascript in a few situations.
> Here is an example of such a situation and also an example of the invalid
> javascript it generates.
> Suppose you have the following dynamic action form validation rules defined
> (this is actually text field which is intended to be used as an "other" input
> when a drop-down has the value of "Other").
> <pre>
> <field property="selectOther"
> depends="validwhen,maxlength"
> page="1">
> <arg0 key="prompt.selectOther"/>
> <arg1 name="maxlength" key="${var:maxlength}" resource="false" />
> <var><var-name>maxlength</var-name><var-value>255</var-value></var>
> <var>
> <var-name>test</var-name>
> <var-value>
> (((select == "Other") and (*this* != null)) or
> (select != "Other"))
> </var-value>
> </var>
> </field>
> </pre>
> When ValidatorTool generates Javascript for this, you get the following:
> <pre>
> .
> .
> .
> this.a3 = new Array("orgTypeOther", "The field Organization Type cannot
> be greater than 255 characters.", new Function ("varName",
> "this.maxlength='255'; this.test='(((orgType == "Other") and (*this* !=
> null)) or
> (orgType != "Other"))'; return this[varName];"));
> .
> .
> .
> </pre>
> Note that there is a newline in the string literal (invalid) and that the
> double-quotes used in my "validwhen" rule have not been escaped, which
> prematurely ends the double-quoted string starting with
> <code>"this.maxlength</code>, which really confuses the Javascript
> interpreter.
> It turns out that switching from double-quotes to single-quotes doesn't help,
> since there are also single-quoted strings within that double-quoted string,
> so basically it won't work no matter what you do (since backslash-escaping
> the quotes will cause the validwhen test itself to become invalid.
> I see two solutions: properly escape the variable values being dumped into
> Javascript, or avoid adding the "test" variable to the Javascript, since it
> will be ignored, anyway.
> I propose fixing the escaping, since there may be other validator "var"
> values with this same problem.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
