Hi devs,
I have this code:
var content = '$content';
I need to escape the string before it is written to the response because
otherwise the JavaScript code can be easily messed up. Is there any
utility function/macro in the platform that I can use for this purpose?
I couldn't find anything so I wrote a small velocity macro:
#**
* Escapes the given velocity string before it is assigned to a
JavaScipt variable.
* The following characters are escaped: \, ", ' and \n.
*
* @param $string the string to be escaped for JavaScript
*#
#macro(escapeForJavaScript $string)$!{string.replace('\',
'\\').replace('"', '\"').replace("'", "\'").replace("\u000D\u000A",
"\u000A").replace("\u000A", '\n')}#end
This code can be optimized in Java by traversing the string only once.
Should I add a $util.escapeForJS method or the velocity macro to the
platform?
Thanks,
Marius
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
