projects / evergreen / pines.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 439b959)
escape text in xml
authorpines <pines@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Tue, 3 Oct 2006 23:46:16 +0000 (23:46 +0000)
committerpines <pines@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Tue, 3 Oct 2006 23:46:16 +0000 (23:46 +0000)
git-svn-id: svn://svn.open-ils.org/ILS/trunk@6377 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/xul/staff_client/chrome/content/util/error.js patch | blob | history
Open-ILS/xul/staff_client/chrome/content/util/network.js patch | blob | history
Open-ILS/xul/staff_client/server/cat/util.js patch | blob | history

diff --git a/Open-ILS/xul/staff_client/chrome/content/util/error.js b/Open-ILS/xul/staff_client/chrome/content/util/error.js
index 54c04db..3507875 100644 (file)
--- a/Open-ILS/xul/staff_client/chrome/content/util/error.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/error.js
@@ -321,7 +321,8 @@ util.error.prototype = {
                this.sound.bad();
 
 
-               //FIXME - need to escape these values before embedding them into xml.. but window.escape was weird..
+               //FIMXE - is that good enough of an escape job?
+               s = s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
 
                var xml = '<vbox xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" flex="1">' 
                        + '<groupbox flex="1" style="overflow: auto; border: solid thin red;"><caption label="' + (title) + '"/>';
diff --git a/Open-ILS/xul/staff_client/chrome/content/util/network.js b/Open-ILS/xul/staff_client/chrome/content/util/network.js
index 3486729..5617560 100644 (file)
--- a/Open-ILS/xul/staff_client/chrome/content/util/network.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/network.js
@@ -301,10 +301,14 @@ util.network.prototype = {
                                                '<groupbox><caption label="Exceptions"/>' + 
                                                '<grid><columns><column/><column/></columns><rows>';
                                        for (var i = 0; i < r.length; i++) {
+                                               var t1 = String(r[i].ilsevent).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+                                               var t2 = String(r[i].textcode).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+                                               var t3 = String((o_params.text[r[i].ilsevent] ? o_params.text[r[i].ilsevent](r[i]) : '')).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+                                               var t4 = String(r[i].desc).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
                                                xml += '<row>' + 
-                                                       '<description style="color: red" tooltiptext="' + r[i].ilsevent + '">' + r[i].textcode + '</description>' + 
-                                                       '<description>' + (o_params.text[r[i].ilsevent] ? o_params.text[r[i].ilsevent](r[i]) : '') + '</description>' + 
-                                                       '</row><row>' + '<description>' + r[i].desc + '</description>' + '</row>';
+                                                       '<description style="color: red" tooltiptext="' + t1 + '">' + t2 + '</description>' + 
+                                                       '<description>' + t3 + '</description>' + 
+                                                       '</row><row>' + '<description>' + t4 + '</description>' + '</row>';
                                        }
                                        xml += '</rows></grid></groupbox><groupbox><caption label="Override"/><hbox>' + 
                                                '<description>Force this action?</description>' + 
diff --git a/Open-ILS/xul/staff_client/server/cat/util.js b/Open-ILS/xul/staff_client/server/cat/util.js
index a6c2faf..6230b61 100644 (file)
--- a/Open-ILS/xul/staff_client/server/cat/util.js
+++ b/Open-ILS/xul/staff_client/server/cat/util.js
@@ -65,7 +65,7 @@ cat.util.transfer_copies = function(params) {
                        params.message += '"' + params.volume_label + '" on the following record (and change their circ libs to match)?';
                }
 
-               xml += '<description>' + params.message + '</description>';
+               xml += '<description>' + params.message.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;') + '</description>';
                xml += '<hbox><button label="Transfer" name="fancy_submit"/>';
                xml += '<button label="Cancel" accesskey="C" name="fancy_cancel"/></hbox>';
                xml += '<iframe style="overflow: scroll" flex="1" src="' + urls.XUL_BIB_BRIEF + '?docid=' + params.docid + '"/>';
Evergreen working repo (PINES)