Ah yes, the reason I went through the fixHtml route is because Stuart 
specifically mentioned he wanted to process those.

Stuart, you should make sure to properly secure this stuff -- either as an 
admin-only thing (understanding that that person has as many rights as you) or 
by scrubbing the XML thoroughly.

-Ross

On Mar 9, 2010, at 12:26 PM, David Pollak wrote:

> 
> 
> On Tue, Mar 9, 2010 at 9:14 AM, Ross Mellgren <[email protected]> wrote:
> Try this (I haven't tested it, so there could be lurking bugs):
> 
> case class JQueryNodeSeq(ns: NodeSeq) extends JsExp with JQueryLeft with HtmlFixer {
>    override def toJsCmd = "jQuery(" + JsStr(fixHtml("NodeSeqDialog", ns)).toJsCmd + ")"
> }
> 
> Ross,
> 
> This is good code, but introduces a potential security vulnerability. ;-)
> 
> fixHtml runs the NodeSeq through Lift's snippet handler.  If you have 
> web-user input, a user could type in <lift:xxxx/> and cause server-side code 
> to be executed.
> 
> import net.liftweb.util._
> import Helpers._
> 
> Personally, I'd suggest "jQuery(" + AltXML.toXML(nodeSeq, false, true).encJs + ")"
> 
> Thanks,
> 
> David
>  
> 
> Then JQueryNodeSeq(ns) ~> JsFunc("dialog")
> 
> -Ross
> 
> On Mar 9, 2010, at 12:06 PM, Stuart Roebuck wrote:
> 
> > I'm trying to produce a web page with editable content.
> >
> > When the user clicks an edit button on a line it uses jQuery to
> > display a modal dialog which allows fields of that line to be edited.
> >
> > I can easily produce a snippet to produce the lines using the backend
> > data and an XHTML template and binding etc.
> >
> > However, I also want the template to include the template for the
> > dialog.  So I want the ajax button callback to send JavaScript to
> > instantiate the jQuery UI dialog based on the template and bindings.
> >
> > To build this I need to assemble a JsCmd containing the NodeSeq that
> > comes from the XHTML sequence and the bindings.
> >
> > In short, if this was straight jQuery I would have some JavaScript of
> > the form:
> >
> > $(<div title="Dialog Title">theFormNodeSeq</div>).dialog()
> >
> > But in my case theFormNodeSeq comes from a NodeSeq that was assembled
> > from part of the XHTML template and the bindings and the end result
> > needs to be a JsCmd.
> >
> > So I'm trying to do something like:
> >
> > JsCmds.Run("$(" + theFormNodeSeq.toString + ").dialog()")
> >
> > But I need to address escaping issues with the HTML and I also need to
> > pre-process any "<lift:… />" commands in theFormNodeSeq.
> >
> > Any advice (please)?
> >
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Lift" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to 
> > [email protected].
> > For more options, visit this group at 
> > http://groups.google.com/group/liftweb?hl=en.
> >
> 
> -- 
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
> Follow me: http://twitter.com/dpp
> Surf the harmonics
> 

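The "scrubbing the XML" option from the thread, sketched as an added example (not code from the thread or from Lift): it removes snippet-invoking elements from untrusted markup before any snippet-processing step such as `fixHtml` sees it. `LiftScrub`, `containsSnippetTag` and `scrub` are hypothetical names, the sample input is constructed, the scala-xml library is assumed to be on the classpath, and the rule goes beyond `lift:` by dropping every prefixed element.

```scala
import scala.xml.{Elem, Node, NodeSeq, XML}

// Added illustration, not Lift code; all names here are hypothetical.
object LiftScrub {
  // Conservative rule (an assumption): every element with a namespace prefix
  // is treated as a possible snippet call, which covers <lift:xxxx/>.
  // Attribute-based forms of invocation are not handled here.

  // True if a prefixed element occurs at any depth. Use it to reject input.
  def containsSnippetTag(ns: NodeSeq): Boolean = ns.theSeq.exists {
    case e: Elem => e.prefix != null || containsSnippetTag(NodeSeq.fromSeq(e.child))
    case _       => false
  }

  // Drop prefixed elements with their whole subtree; keep all other nodes.
  private def scrubNode(n: Node): Seq[Node] = n match {
    case e: Elem if e.prefix != null => Nil
    case e: Elem                     => Seq(e.copy(child = scrub(NodeSeq.fromSeq(e.child))))
    case other                       => Seq(other)
  }

  def scrub(ns: NodeSeq): NodeSeq = NodeSeq.fromSeq(ns.theSeq.flatMap(scrubNode))

  def main(args: Array[String]): Unit = {
    // Constructed sample standing in for web-user input.
    val untrusted: NodeSeq = XML.loadString(
      """<div xmlns:lift="http://liftweb.net/" title="Dialog Title">""" +
        """Hello <lift:xxxx/><b>world</b></div>""")

    println("snippet tag present: " + containsSnippetTag(untrusted))
    val safe = scrub(untrusted)
    println("after scrub: " + safe)
    println("snippet tag present after scrub: " + containsSnippetTag(safe))
  }
}
```

Rejecting the input when `containsSnippetTag` is true fails closed; `scrub` is the lenient alternative when the remaining markup should still be shown.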