How would you feel about the escape method only escaping when str is actually
a string, and returning anything else untouched? Something like:

if (typeof str == "string") {
    return str;
  } else {
     return .... <current method contents>
  }

This would save me from having to write another utility that does exactly
that.

- Cassie


On Fri, Feb 22, 2008 at 4:28 AM, <[EMAIL PROTECTED]> wrote:

> Author: etnu
> Date: Fri Feb 22 04:28:42 2008
> New Revision: 630172
>
> URL: http://svn.apache.org/viewvc?rev=630172&view=rev
> Log:
> Commit for SHINDIG-89
>
>
> Modified:
>    incubator/shindig/trunk/features/core/legacy.js
>    incubator/shindig/trunk/features/core/prefs.js
>    incubator/shindig/trunk/features/core/util.js
>    incubator/shindig/trunk/features/views/views.js
>
> Modified: incubator/shindig/trunk/features/core/legacy.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/legacy.js (original)
> +++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42
> 2008
> @@ -138,12 +138,7 @@
>  * @return The escaped string.
>  */
>  function _hesc(str) {
> -  // '<' and '>'
> -  str = str.replace(/</g, "&lt;").replace(/>/g, "&gt;");
> -  // '"' and '
> -  str = str.replace(/"/g, "&quot;").replace(/'/g, "&#39;");
> -
> -  return str;
> +  return gadgets.util.escapeString(str);
>  }
>
>  /**
>
> Modified: incubator/shindig/trunk/features/core/prefs.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/prefs.js (original)
> +++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42
> 2008
> @@ -240,12 +240,14 @@
>
>  /**
>  * Retrieves a preference as a string.
> + * Returned value will be html entity escaped.
> + *
>  * @param {String} key The preference to fetch
>  * @return {String} The preference; if not set, an empty string
>  */
>  gadgets.Prefs.prototype.getString = function(key) {
>   var val = this.getPref_(key);
> -  return val === null ? "" : val;
> +  return val === null ? "" : gadgets.util.escapeString(val);
>  };
>
>  /**
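Review bot: The new docstring line `Returned value will be html entity escaped.` promises more than gadgets.util.escapeString delivers — by its own comment in util.js it rewrites only `<`, `>`, `"` and `'` and leaves `&` alone, and because the escaping now happens inside the accessor, every caller receives entity text even when the preference is used outside an HTML text or attribute context (a URL, a regular expression, a comparison against a stored raw value). I would make the contract explicit on the docstring: `* Returned value is entity-escaped for HTML text/attribute use (< > " ' only; & is left as-is); callers that need the raw value can pass it through gadgets.util.unescapeString.` The `val === null` guard means an unset preference still yields an empty string without reaching the escaper.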
> @@ -312,8 +314,9 @@
>   if (val !== null) {
>     var arr = val.split("|");
>     // Decode pipe characters.
> +    var esc = gadgets.util.escapeString;
>     for (var i = 0, j = arr.length; i < j; ++i) {
> -      arr[i] = arr[i].replace(/%7C/g, "|");
> +      arr[i] = esc(arr[i].replace(/%7C/g, "|"));
>     }
>     return arr;
>   }
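Review bot: getArray's docstring lies above this hunk and is not visible here; if it does not already say so it should receive the same note getString's docstring gained in this commit, since every element now comes back entity-escaped (`<`, `>`, `"`, `'` only, `&` untouched), e.g. `* Each returned element will be html entity escaped.` Decoding `%7C` before escaping is the right order, as the escaper's output contains neither `|` nor `%`. The enclosing function starts before the hunk.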
>
> Modified: incubator/shindig/trunk/features/core/util.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/util.js (original)
> +++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42 2008
> @@ -157,7 +157,7 @@
>      * @member gadgets.util
>      */
>     hasFeature : function (feature) {
> -      return typeof features[feature] === "undefined";
> +      return typeof features[feature] !== "undefined";
>     },
>
>     /**
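Review bot: `typeof features[feature] !== "undefined"` is true for any property reachable through the prototype chain, so if `features` is a plain object (its declaration is outside this hunk) hasFeature("toString") or hasFeature("constructor") would report the feature as present. An own-property test avoids that: `return Object.prototype.hasOwnProperty.call(features, feature);`. The correction of the inverted test itself looks right.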
> @@ -178,6 +178,40 @@
>       for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
>         onLoadHandlers[i]();
>       }
> +    },
> +
> +    /**
> +     * Escapes the input using html entities to make it safer.
> +     *
> +     * Currently only escapes &lt; &gt; ' and &quot; All known browsers
> handle
> +     * &amp; without issue.
> +     *
> +     * Currently not in the spec -- future proposals may change
> +     * how this is handled.
> +     *
> +     * TODO: Parsing the string would probably be more accurate and
> faster than
> +     * a bunch of regular expressions.
> +     *
> +     * @param {String} str The string to escape
> +     * @return {String} The escaped string
> +     */
> +    escapeString : function(str) {
> +      return str.replace(/</g, "&lt;")
> +                .replace(/>/g, "&gt;")
> +                .replace(/"/g, "&quot;")
> +                .replace(/'/g, "&#39;");
> +    },
> +
> +    /**
> +     * Reverses escapeString
> +     *
> +     * @param {String} str The string to unescape.
> +     */
> +    unescapeString : function(str) {
> +      return str.replace(/&lt;/g, "<")
> +                .replace(/&gt;/g, ">")
> +                .replace(/&quot;/g, '"')
> +                .replace(/&#39/g, "'");
>     },
>
>     /**
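Review bot: unescapeString's last pattern `/&#39/g` is missing the trailing `;`, so it does not invert escapeString: unescapeString(escapeString("'")) yields `';`, with the semicolon left behind. That line should read `.replace(/&#39;/g, "'");`. A second asymmetry is that `&` is never escaped — a deliberate choice per the escapeString comment, but it makes the pair lossy: an input that already contains the literal text `&lt;` passes escapeString unchanged and unescapeString then turns it into `<`; if round-tripping matters, escape `&` first with `.replace(/&/g, "&amp;")` and undo it last with `.replace(/&amp;/g, "&")`. unescapeString's doc block also lacks the `@return {String} The unescaped string` its sibling has.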
>
> Modified: incubator/shindig/trunk/features/views/views.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/views/views.js (original)
> +++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42
> 2008
> @@ -70,6 +70,9 @@
>           decodeURIComponent(urlParams["view-params"]));
>       if (tmpParams) {
>         params = tmpParams;
> +        for (var p in params) if (params.hasOwnProperty(p)) {
> +          params[p] = gadgets.util.escapeString(params[p]);
> +        }
>       }
>     }
>     currentView = supportedViews[urlParams.view] ||
> supportedViews["default"];
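Review bot: Only the values of `params` are escaped; the keys, which come from the same decoded `view-params` URL parameter, are left as-is, so a gadget that echoes parameter names into HTML gets no protection from this loop. If that is intended, a comment on the loop should say so, e.g. `// Escape values only; keys are passed through unsanitized.`; otherwise rebuild the map with escaped keys as well. The `for (...) if (...) {` on one line with no braces around the `for` body is also easy to misread — bracing the loop body would match the surrounding style. The enclosing init function starts before the hunk.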
> @@ -84,19 +87,47 @@
>   gadgets.config.register("views", requiredConfig, init);
>
>   return {
> +    /**
> +     * Attempts to navigate to this gadget in a different view. If the
> container
> +     * supports parameters will pass the optional parameters along to the
> gadget
> +     * in the new view.
> +     *
> +     * @param {gadgets.views.View} view The view to navigate to
> +     * @param {Map.&lt;String, String&gt;} opt_params Parameters to pass
> to the
> +     *     gadget after it has been navigated to on the surface
> +     */
>     requestNavigateTo : function(view, opt_params) {
>       gadgets.rpc.call(
>           null, "requestNavigateTo", null, view.getName(), opt_params);
>     },
>
> +    /**
> +     * Returns the current view.
> +     *
> +     * @return {gadgets.views.View} The current view
> +     */
>     getCurrentView : function() {
>       return currentView;
>     },
>
> +    /**
> +     * Returns a map of all the supported views. Keys each
> gadgets.view.View by
> +     * its name.
> +     *
> +     * @return {Map&lt;gadgets.views.ViewType | String,
> gadgets.views.View&gt;}
> +     *   All supported views, keyed by their name attribute.
> +     */
>     getSupportedViews : function() {
>       return supportedViews;
>     },
>
> +    /**
> +     * Returns the parameters passed into this gadget for this view. Does
> not
> +     * include all url parameters, only the ones passed into
> +     * gadgets.views.requestNavigateTo
> +     *
> +     * @return {Map.&lt;String, String&gt;} The parameter map
> +     */
>     getParams : function() {
>       return params;
>     }
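Review bot: The new getParams docstring does not mention that, since the init change earlier in this same file, every value in the returned map has been passed through gadgets.util.escapeString, while requestNavigateTo's new docstring says nothing about what form opt_params is expected in. A caller that reads getParams and feeds the result back into requestNavigateTo needs to know the values are already entity-escaped (`<`, `>`, `"`, `'`; `&` untouched). Add to getParams: `* Values are html entity escaped (see gadgets.util.escapeString).` and, on requestNavigateTo, `* opt_params values are expected as raw (unescaped) strings.` — the second is inferred from escaping happening on receipt in init, so confirm it before asserting it.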
> @@ -108,10 +139,16 @@
>   this.isOnlyVisible_ = !!opt_isOnlyVisible;
>  };
>
> +/**
> + * @return {String} The view name.
> + */
>  gadgets.views.View.prototype.getName = function() {
>   return this.name_;
>  };
>
> +/**
> + * @return {Boolean} True if this is the only visible gadget on the page.
> + */
>  gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
>   return this.isOnlyVisible_;
>  };
>
>
>
