myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jak...@apache.org
Subject svn commit: r933730 - /myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
Date Tue, 13 Apr 2010 18:22:23 GMT
Author: jakobk
Date: Tue Apr 13 18:22:23 2010
New Revision: 933730

URL: http://svn.apache.org/viewvc?rev=933730&view=rev
Log:
MYFACES-2657 Already escaped apostrophes are double-escaped while building the ClientBehavior
JavaScript

Modified:
    myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java

Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java?rev=933730&r1=933729&r2=933730&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
(original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRendererUtils.java
Tue Apr 13 18:22:23 2010
@@ -2142,7 +2142,7 @@ public final class HtmlRendererUtils {
             {
                 //either strings or functions, but I assume string is more appropriate since
it allows access to the
                 //origin as this!
-                target.append("'" + StringUtils.replace(script, '\'', "\\'") + "'");
+                target.append("'" + escapeJavaScriptForChain(script) + "'");
                 if (clientIterator.hasNext())
                 {
                     target.append(", ");
@@ -2184,9 +2184,7 @@ public final class HtmlRendererUtils {
         {
             // escape every ' in the user event code since it will
             // be a string attribute of jsf.util.chain
-            userEventCode = StringUtils.replace(userEventCode, '\'', "\\'");
-            
-            finalParams.add('\'' + userEventCode + '\'');
+            finalParams.add('\'' + escapeJavaScriptForChain(userEventCode) + '\'');
         }
 
         final MyfacesConfig currentInstance = MyfacesConfig
@@ -2204,7 +2202,7 @@ public final class HtmlRendererUtils {
         if (serverEventCode != null
                 && !serverEventCode.trim().equals(STR_EMPTY))
         {
-            finalParams.add('\''+serverEventCode+'\'');
+            finalParams.add('\'' + escapeJavaScriptForChain(serverEventCode) + '\'');
         }
         Iterator<String> it = finalParams.iterator();
         
@@ -2258,7 +2256,7 @@ public final class HtmlRendererUtils {
         List<String> finalParams = new ArrayList<String>(3);
         if (userEventCode != null && !userEventCode.trim().equals(STR_EMPTY))
         {
-            finalParams.add('\'' + StringUtils.replace(userEventCode, '\'', "\\'") + '\'');
+            finalParams.add('\'' + escapeJavaScriptForChain(userEventCode) + '\'');
         }
 
         final MyfacesConfig currentInstance = MyfacesConfig
@@ -2282,7 +2280,7 @@ public final class HtmlRendererUtils {
         if (serverEventCode != null
                 && !serverEventCode.trim().equals(STR_EMPTY))
         {
-            finalParams.add('\'' + StringUtils.replace(serverEventCode, '\'', "\\'") + '\'');
+            finalParams.add('\'' + escapeJavaScriptForChain(serverEventCode) + '\'');
         }
         Iterator<String> it = finalParams.iterator();
 
@@ -2315,6 +2313,25 @@ public final class HtmlRendererUtils {
     }
     
     /**
+     * This function correctly escapes the given JavaScript code
+     * for the use in the jsf.util.chain() JavaScript function.
+     * It also handles double-escaping correclty.
+     * @param javaScript
+     * @return
+     */
+    public static String escapeJavaScriptForChain(String javaScript)
+    {
+        // first replace \' with \\'
+        String escaped = StringUtils.replace(javaScript, "\\'", "\\\\'");
+        
+        // then replace ' with \'
+        // (this will replace every \' in the original to \\\')
+        escaped = StringUtils.replace(escaped, '\'', "\\'");
+        
+        return escaped;
+    }
+    
+    /**
      * 
      * 
      * @param facesContext



Mime
View raw message