> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 57
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line57>
> >
> > Me learning: is this actually necessary? Won't the "stringification"
> > below via concatenation just "do the right thing"?
>
> Ben Mahler wrote:
> Looks like yes:
> > ''+null
> > "null"

Gotcha, thanks.


> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 67
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line67>
> >
> > Are you missing '`': '`'?
>
> Ben Mahler wrote:
> So, most sites / implementations I'm seeing use this list.
>
> But I see some with a more comprehensive list:
> http://wonko.com/post/html-escaping
> We could even go the whole way:
> http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java#278
>
> What do you think? I'm tempted to just use that expanded list I found.
>

I'm surprised python, and underscore js don't do more escaping. I guess it's probably fine for now.


> On Nov. 5, 2012, 11:09 p.m., Benjamin Hindman wrote:
> > src/webui/master/static/jquery.pailer.js, line 71
> > <https://reviews.apache.org/r/7854/diff/1/?file=185196#file185196line71>
> >
> > Me learning: is there not the analog of 'stringify' in JS that does
> > this concatenation?
>
> Ben Mahler wrote:
> That would be the toString() method.
> But I guess underscore.js maintainers preferred:
>
> ''+string
> over
> string.toString()
>
> Any preference?

The way you have it is fine.


- Benjamin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7854/#review13113
-----------------------------------------------------------


On Nov. 7, 2012, 12:11 a.m., Ben Mahler wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/7854/
> -----------------------------------------------------------
>
> (Updated Nov. 7, 2012, 12:11 a.m.)
>
>
> Review request for mesos, Benjamin Hindman and Vinod Kone.
>
>
> Description
> -------
>
> Added our own helper because it appears jquery doesn't support it:
> http://bugs.jquery.com/ticket/11773
>
> Ideally, the pailer shouldn't need 3rd party libraries, so I based this on
> _.escape from underscore.js (although simplified to not have to consider
> unescaping).
>
>
> Diffs
> -----
>
> src/webui/master/static/jquery.pailer.js
> 9bcaf01f48941ab75f1156ad27c6ff03d5ede68b
>
> Diff: https://reviews.apache.org/r/7854/diff/
>
>
> Testing
> -------
>
> Manually tested with local runs.
>
>
> Screenshots
> -----------
>
> before
> https://reviews.apache.org/r/7854/s/11/
> after
> https://reviews.apache.org/r/7854/s/12/
>
>
> Thanks,
>
> Ben Mahler
>
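
The three review points above (the null check, the backtick entry, and `''+string` coercion), as an added example that is not the code from the patch or from underscore.js. The names `ENTITY_MAP`, `escapeHtml` and `withoutNullCheck` are hypothetical, and the character list is an assumption because the reviewed list is not shown in the thread.

```javascript
// Added example, not the reviewed patch. The entity list below is an
// assumption: a commonly used set plus the backtick raised in the review.
const ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
  '`': '&#x60;'
};

// One character class covering every key of ENTITY_MAP.
const UNSAFE = /[&<>"'\/`]/g;

// Escape a value for insertion into HTML text or a quoted attribute.
function escapeHtml(value) {
  // Without this check, '' + null yields the literal text "null"
  // (and '' + undefined yields "undefined") in the rendered page.
  if (value === null || value === undefined) return '';
  // '' + value coerces numbers and booleans to strings; unlike
  // value.toString(), concatenation never throws on null or undefined.
  return ('' + value).replace(UNSAFE, (ch) => ENTITY_MAP[ch]);
}

// The same helper with the null check removed, to show what it prevents.
function withoutNullCheck(value) {
  return ('' + value).replace(UNSAFE, (ch) => ENTITY_MAP[ch]);
}

// Constructed sample input: a line of file content containing markup.
const SAMPLE_LINE = '<b>"a" & \'b\'</b>';
```
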
