Author: abelevich
Date: 2007-09-21 09:27:14 -0400 (Fri, 21 Sep 2007)
New Revision: 3045
Modified:
trunk/ui/menu-components/src/main/java/org/richfaces/renderkit/html/MenuItemRendererBase.java
Log:
escape script in the context of RF-981
Modified:
trunk/ui/menu-components/src/main/java/org/richfaces/renderkit/html/MenuItemRendererBase.java
===================================================================
---
trunk/ui/menu-components/src/main/java/org/richfaces/renderkit/html/MenuItemRendererBase.java 2007-09-21
13:13:23 UTC (rev 3044)
+++
trunk/ui/menu-components/src/main/java/org/richfaces/renderkit/html/MenuItemRendererBase.java 2007-09-21
13:27:14 UTC (rev 3045)
@@ -23,7 +23,6 @@
import java.io.IOException;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -36,6 +35,7 @@
import javax.faces.event.PhaseId;
import org.ajax4jsf.Messages;
+import org.ajax4jsf.javascript.ScriptUtils;
import org.ajax4jsf.renderkit.AjaxRendererUtils;
import org.ajax4jsf.renderkit.ComponentVariables;
import org.ajax4jsf.renderkit.ComponentsVariableResolver;
@@ -106,11 +106,11 @@
}
Object value = param.getValue();
- buff.append("params['");
- buff.append(name);
- buff.append("'] = '");
- buff.append(value);
- buff.append("';");
+ buff.append("params[");
+ buff.append(ScriptUtils.toScript(name));
+ buff.append("] = ");
+ buff.append(ScriptUtils.toScript(value));
+ buff.append(";");
params.add(buff.toString());
}
}
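Review bot: `ScriptUtils.toScript(value)` receives the raw `Object` from `param.getValue()`, so the emitted literal now depends on the runtime type, where the old code always produced a quoted string. A null or non-String value will presumably be serialised as a bare JavaScript `null`, number, or object literal rather than text; confirm against `ScriptUtils`. If the submitted form parameters are meant to be strings, convert first and make the null case explicit, e.g. `buff.append(ScriptUtils.toScript(value == null ? "" : value.toString()));`. The enclosing method starts before this hunk, so the way `name` is obtained is not visible here.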
@@ -151,36 +151,39 @@
menuItem, context).toString());
} else if (mode.equalsIgnoreCase(MenuComponent.MODE_SERVER)) {
- String id = menuItem.getClientId(context);
+
+ String id = menuItem.getClientId(context);
scriptValue.append('{');
scriptValue.append("var form = A4J.findForm(this);");
scriptValue.append("var params = new Object();");
- scriptValue.append("params['");
- scriptValue.append(id + ":hidden");
- scriptValue.append("'] = '");
- scriptValue.append(id);
- scriptValue.append("';");
+ scriptValue.append("params[");
+ scriptValue.append(ScriptUtils.toScript(id + ":hidden"));
+ scriptValue.append("] = ");
+ scriptValue.append(ScriptUtils.toScript(id));
+ scriptValue.append(";");
List params = encodeParams(context, menuItem);
-
if(!params.isEmpty()){
for (Iterator iterator = params.iterator(); iterator.hasNext();) {
- scriptValue.append((String) iterator.next());
+ scriptValue.append(iterator.next());
}
}
-
- scriptValue.append("Richfaces.jsFormSubmit('");
- scriptValue.append(id);
- scriptValue.append("', ");
- scriptValue.append("form.id, ");
+
+ scriptValue.append("Richfaces.jsFormSubmit(");
+ scriptValue.append(ScriptUtils.toScript(id)).append(",");
+
+ scriptValue.append("form.id").append(",");
Object target = menuItem.getAttributes().get("target");
-
+
if (null != target) {
- scriptValue.append("'"+(String) target+"', ");
- } else {
- scriptValue.append("'', ");
+ scriptValue.append(ScriptUtils.toScript(target));
+ } else {
+ scriptValue.append("''");
}
+
+ scriptValue.append(",");
scriptValue.append("params);}; return false;");
+
} else {
scriptValue.append(getStringAttributeOrEmptyString(menuItem,
"onclick"));
}
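Review bot: The trailing `else` in this hunk still appends the `onclick` attribute verbatim while every other interpolated value now goes through `ScriptUtils.toScript`, and nothing records why that is acceptable. A comment such as `// onclick is page-author script and is emitted as-is; all data values must go through ScriptUtils.toScript` would document the trust boundary. The same escaping is also missing from `processInlineStyles` in the last hunk, which this revision only re-indents. There the client id, `style` and `selectStyle` are still concatenated inside single-quoted literals, so a quote character in either attribute ends the literal early. Building the CSS text first and emitting it with `ScriptUtils.toScript(cssText)` would bring that method in line with this one; the enclosing method here begins before the hunk.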
@@ -233,23 +236,27 @@
protected String processInlineStyles(FacesContext context,
UIMenuItem menuItem,
boolean isOnmouseover) {
- StringBuffer buffer = new StringBuffer();
+
+ StringBuffer buffer = new StringBuffer();
Object style = menuItem.getAttributes().get("style");
Object selectStyle = menuItem.getAttributes().get("selectStyle");
+
if (null == selectStyle) {
return "";
}
+
+ buffer.append("$('" + menuItem.getClientId(context) +
"').style.cssText='");
- buffer.append("$('" + menuItem.getClientId(context)
- + "').style.cssText='");
if (null != style) {
- buffer.append(style.toString() + "; ");
- }
+ buffer.append(style.toString() + "; ");
+ }
+
if (isOnmouseover) {
- buffer.append(selectStyle.toString() + ";';");
+ buffer.append(selectStyle.toString() + ";';");
} else {
- buffer.append("';");
+ buffer.append("';");
}
+
return buffer.toString();
}
}