[ http://issues.apache.org/jira/browse/VELTOOLS-52?page=comments#action_12332293 ]
Nathan Bubna commented on VELTOOLS-52:
--------------------------------------
I don't really have any contacts there. I mostly just lurk on struts-dev. If
an opportunity comes up, I'll suggest it to them.
In the meantime, I applied the patch locally and did my usual "bikeshed
painting" (as Henning calls it :) to make it fit our code formatting patterns.
While doing that, I found myself wondering if the following variation on your
code would be as performant:
    protected String escapeJavascript(String str)
    {
        // nothing to escape in a null or empty value
        if (str == null)
        {
            return null;
        }
        int length = str.length();
        if (length == 0)
        {
            return str;
        }
        // guess at how many chars we'll be adding...
        StringBuffer out = new StringBuffer(length + 4);
        // run through the string escaping sensitive chars
        for (int i=0; i < length; i++)
        {
            char c = str.charAt(i);
            // quotes, backslash, CR and LF each get a backslash prefix
            if (c == '"'  ||
                c == '\'' ||
                c == '\\' ||
                c == '\n' ||
                c == '\r')
            {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }
It would certainly be easier to understand and maintain (for me, at least :) as
above. But I don't want to step on your toes (and testing) if your original
is/was much faster or better for some reason I'm missing. What say ye?
> ValidatorTool javascript generator can generate invalid Javascript
> ------------------------------------------------------------------
>
> Key: VELTOOLS-52
> URL: http://issues.apache.org/jira/browse/VELTOOLS-52
> Project: VelocityTools
> Type: Bug
> Components: VelocityStruts
> Versions: 1.2
> Environment: Using JDK1.4.2 / Linux 2.4 kernel / Tomcat 4.1
> Reporter: Christopher Schultz
> Assignee: Nathan Bubna
> Fix For: 1.2
> Attachments: ValidatorTool.diff
>
> ValidatorTool can create invalid javascript in a few situations.
> Here is an example of such a situation and also an example of the invalid
> javascript it generates.
> Suppose you have the following dynamic action form validation rules defined
> (this is actually a text field which is intended to be used as an "other" input
> when a drop-down has the value of "Other").
> <pre>
> <field property="selectOther"
>        depends="validwhen,maxlength"
>        page="1">
>   <arg0 key="prompt.selectOther"/>
>   <arg1 name="maxlength" key="${var:maxlength}" resource="false" />
>   <var><var-name>maxlength</var-name><var-value>255</var-value></var>
>   <var>
>     <var-name>test</var-name>
>     <var-value>
>       (((select == "Other") and (*this* != null)) or
>       (select != "Other"))
>     </var-value>
>   </var>
> </field>
> </pre>
> When ValidatorTool generates Javascript for this, you get the following:
> <pre>
> .
> .
> .
> this.a3 = new Array("orgTypeOther", "The field Organization Type cannot
> be greater than 255 characters.", new Function ("varName",
> "this.maxlength='255'; this.test='(((orgType == "Other") and (*this* !=
> null)) or
> (orgType != "Other"))'; return this[varName];"));
> .
> .
> .
> </pre>
> Note that there is a newline in the string literal (invalid) and that the
> double-quotes used in my "validwhen" rule have not been escaped, which
> prematurely ends the double-quoted string starting with
> <code>"this.maxlength</code>, which really confuses the Javascript
> interpreter.
> It turns out that switching from double-quotes to single-quotes doesn't help,
> since there are also single-quoted strings within that double-quoted string,
> so basically it won't work no matter what you do (since backslash-escaping
> the quotes will cause the validwhen test itself to become invalid).
> I see two solutions: properly escape the variable values being dumped into
> Javascript, or avoid adding the "test" variable to the Javascript, since it
> will be ignored, anyway.
> I propose fixing the escaping, since there may be other validator "var"
> values with this same problem.
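Added example, not part of the original message and not VelocityTools code: a JavaScript sketch that rebuilds the generated expression in the layout quoted in the report and checks that it compiles and returns the original var value. The names escapeJs, generate, parses and readVar are hypothetical, the sample value is constructed from the report's XML, and escaping once per nested string literal (with CR/LF written as \r and \n) is this example's choice, not necessarily what the attached patch does.

```javascript
// Added example; all function names are hypothetical.

// Escape a value for use inside a quoted JavaScript string literal.
// CR and LF become the two-character escapes \r and \n, so no raw line
// terminator is ever left inside the literal.
function escapeJs(str) {
  if (str == null) return null;
  let out = '';
  for (const c of str) {
    if (c === '"' || c === "'" || c === '\\') out += '\\' + c;
    else if (c === '\n') out += '\\n';
    else if (c === '\r') out += '\\r';
    else out += c;
  }
  return out;
}

// Build the generated expression in the layout quoted in the report: the var
// value sits in a single-quoted literal inside a double-quoted function body,
// so it is escaped once for each of the two literals when `escape` is true.
function generate(value, escape) {
  const inner = escape ? escapeJs(value) : value;
  const body = "this.maxlength='255'; this.test='" + inner +
               "'; return this[varName];";
  return 'new Function("varName", "' + (escape ? escapeJs(body) : body) + '")';
}

// True if `src` compiles as a JavaScript expression (compiled, not executed).
function parses(src) {
  try { new Function('return ' + src); return true; }
  catch (e) { if (e instanceof SyntaxError) return false; throw e; }
}

// Evaluate the generated expression and read a var back through it.
function readVar(src, name) {
  const lookup = new Function('return ' + src)();
  return lookup.call({}, name);
}

// Constructed sample: the validwhen test from the report, with its newline.
const TEST = '(((select == "Other") and (*this* != null)) or\n(select != "Other"))';

console.log('unescaped compiles:', parses(generate(TEST, false)));
console.log('escaped round-trips:', readVar(generate(TEST, true), 'test') === TEST);
```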