Author: nbelaevski
Date: 2008-06-20 09:39:43 -0400 (Fri, 20 Jun 2008)
New Revision: 9138
Modified:
trunk/ui/jQuery/src/main/java/org/richfaces/renderkit/JQueryRendererBase.java
trunk/ui/jQuery/src/main/templates/jQuery.jspx
Log:
Proper escapement for JavaScript parameters added
Modified: trunk/ui/jQuery/src/main/java/org/richfaces/renderkit/JQueryRendererBase.java
===================================================================
---
trunk/ui/jQuery/src/main/java/org/richfaces/renderkit/JQueryRendererBase.java 2008-06-20
13:38:48 UTC (rev 9137)
+++
trunk/ui/jQuery/src/main/java/org/richfaces/renderkit/JQueryRendererBase.java 2008-06-20
13:39:43 UTC (rev 9138)
@@ -4,7 +4,6 @@
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
-import org.ajax4jsf.javascript.JSEncoder;
import org.ajax4jsf.renderkit.HeaderResourcesRendererBase;
import org.richfaces.component.UIJQuery;
import org.richfaces.component.util.HtmlUtil;
@@ -49,20 +48,4 @@
return HtmlUtil.expandIdSelector(selector, component, context);
}
- public String escapeJavaScript(Object o) {
- if (o != null) {
- JSEncoder encoder = new JSEncoder();
- StringBuffer result = new StringBuffer();
- String string = o.toString();
- int length = string.length();
-
- for (int i = 0; i < length; i++) {
- result.append(encoder.encode(string.charAt(i)));
- }
-
- return result.toString();
- } else {
- return null;
- }
- }
}
Modified: trunk/ui/jQuery/src/main/templates/jQuery.jspx
===================================================================
--- trunk/ui/jQuery/src/main/templates/jQuery.jspx 2008-06-20 13:38:48 UTC (rev 9137)
+++ trunk/ui/jQuery/src/main/templates/jQuery.jspx 2008-06-20 13:39:43 UTC (rev 9138)
@@ -26,7 +26,8 @@
String selector = (String) variables.getVariable("selector");
checkValidity(clientId, name, timing, query);
- variables.setVariable("selector", replaceClientIds(context, component,
selector));
+ variables.setVariable("selector", getUtils().escapeJavaScript(
+ replaceClientIds(context, component, selector)));
]]>
</jsp:scriptlet>
@@ -34,9 +35,9 @@
<script type="text/javascript">
//<![CDATA[
function #{name}(elm, param) {
- var selector = '#{selector}';
+ var selector = "#{selector}";
try {
- selector = eval("#{this:escapeJavaScript(selector)}");
+ selector = eval("#{selector}");
} catch (e) {}
jQuery(elm || selector).#{query};
@@ -49,9 +50,9 @@
<script type="text/javascript">
//<![CDATA[
{
- var selector = '#{selector}';
+ var selector = "#{selector}";
try {
- selector = eval("#{this:escapeJavaScript(selector)}");
+ selector = eval("selector}");
} catch (e) {}
jQuery(selector).#{query};
}
@@ -63,9 +64,9 @@
<script type="text/javascript">
//<![CDATA[
jQuery(document).ready(function() {
- var selector = '#{selector}';
+ var selector = "#{selector}";
try {
- selector = eval("#{this:escapeJavaScript(selector)}");
+ selector = eval("#{selector}");
} catch (e) {}
jQuery(selector).#{query};
});
Show replies by date