> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 57
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line57>
> >
> > Me learning: is this actually necessary? Won't the "stringification"
> > below via concatenation just "do the right thing"?

Looks like yes: ''+null > "null"


> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 67
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line67>
> >
> > Are you missing '`': '`'?

So, most sites / implementations I'm seeing use this list. But I see some with a more comprehensive list:
http://wonko.com/post/html-escaping

We could even go the whole way:
http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java#278

What do you think? I'm tempted to just use that expanded list I found. I'm surprised python, and underscore js don't do more escaping.


> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 71
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line71>
> >
> > Me learning: is there not the analog of 'stringify' in JS that does
> > this concatenation?

That would be the toString() method. But I guess underscore.js maintainers preferred:
''+string
over
string.toString()

Any preference?


- Ben


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7854/#review13113
-----------------------------------------------------------


On Nov. 3, 2012, 9:06 p.m., Ben Mahler wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/7854/
> -----------------------------------------------------------
>
> (Updated Nov. 3, 2012, 9:06 p.m.)
>
>
> Review request for mesos, Benjamin Hindman and Brian Wickman.
>
>
> Description
> -------
>
> Added our own helper because it appears jquery doesn't support it:
> http://bugs.jquery.com/ticket/11773
>
> Ideally, the pailer shouldn't need 3rd party libraries, so I based this on
> _.escape from underscore.js (although simplified to not have to consider
> unescaping).
>
>
> Diffs
> -----
>
>   src/webui/master/static/jquery.pailer.js
> 9bcaf01f48941ab75f1156ad27c6ff03d5ede68b
>
> Diff: https://reviews.apache.org/r/7854/diff/
>
>
> Testing
> -------
>
> Manually tested with local runs.
>
>
> Screenshots
> -----------
>
> before
>   https://reviews.apache.org/r/7854/s/11/
> after
>   https://reviews.apache.org/r/7854/s/12/
>
>
> Thanks,
>
> Ben Mahler
>
>
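
The three points discussed in this thread (the null check, the character list, and ''+value versus toString()), as an added example that is not the code under review and not from the Mesos project. The names escapeHtml, renderLines and SAMPLE_LINES are hypothetical, and the entity map is an assumption: the five commonly escaped characters plus "/" and the backtick raised in the review.

```javascript
// Added example; entity map and all names are assumptions, not the reviewed code.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
  '`': '&#x60;'   // the backtick asked about in the review
};
const HTML_ESCAPE_RE = /[&<>"'\/`]/g;

function escapeHtml(value) {
  // Needed: ''+null is "null" and ''+undefined is "undefined", so without
  // this check missing data would be rendered as literal text.
  if (value === null || value === undefined) return '';
  // ''+value stringifies numbers and booleans as well as strings.
  // value.toString() gives the same result for those types, but would
  // throw on null/undefined if the check above were ever removed.
  return ('' + value).replace(HTML_ESCAPE_RE, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample input: lines a log pailer might be asked to display.
const SAMPLE_LINES = [
  'I1105 task started & running',
  '<script>alert("x")</script>',
  null,
  42
];

// Escape every line before it is concatenated into markup.
function renderLines(lines) {
  return lines.map((line) => escapeHtml(line)).join('\n');
}

console.log(renderLines(SAMPLE_LINES));
```

Escaping "&" along with the other characters means already-encoded input such as "&lt;" is displayed literally rather than decoded by the browser.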
