I think you have the branch logic backwards, but assuming you meant this the
other way around, this would be a safe change. Things get a little hairy
with objects implementing toString though, so it's not going to guard
against everything.
On Fri, Feb 22, 2008 at 11:32 AM, Cassie <[EMAIL PROTECTED]> wrote:
> How would you feel about the escape method only escaping if the str was a
> string object, so like:
>
> if (typeof str == "string") {
> return str;
> } else {
> return .... <current method contents>
> }
>
> This will save me from having to create another utility that does exactly
> that..
>
> - Cassie
>
>
> On Fri, Feb 22, 2008 at 4:28 AM, <[EMAIL PROTECTED]> wrote:
>
> > Author: etnu
> > Date: Fri Feb 22 04:28:42 2008
> > New Revision: 630172
> >
> > URL: http://svn.apache.org/viewvc?rev=630172&view=rev
> > Log:
> > Commit for SHINDIG-89
> >
> >
> > Modified:
> > incubator/shindig/trunk/features/core/legacy.js
> > incubator/shindig/trunk/features/core/prefs.js
> > incubator/shindig/trunk/features/core/util.js
> > incubator/shindig/trunk/features/views/views.js
> >
> > Modified: incubator/shindig/trunk/features/core/legacy.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/legacy.js (original)
> > +++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42
> > 2008
> > @@ -138,12 +138,7 @@
> > * @return The escaped string.
> > */
> > function _hesc(str) {
> > - // '<' and '>'
> > - str = str.replace(/</g, "<").replace(/>/g, ">");
> > - // '"' and '
> > - str = str.replace(/"/g, """).replace(/'/g, "'");
> > -
> > - return str;
> > + return gadgets.util.escapeString(str);
> > }
> >
> > /**
> >
> > Modified: incubator/shindig/trunk/features/core/prefs.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/prefs.js (original)
> > +++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42
> > 2008
> > @@ -240,12 +240,14 @@
> >
> > /**
> > * Retrieves a preference as a string.
> > + * Returned value will be html entity escaped.
> > + *
> > * @param {String} key The preference to fetch
> > * @return {String} The preference; if not set, an empty string
> > */
> > gadgets.Prefs.prototype.getString = function(key) {
> > var val = this.getPref_(key);
> > - return val === null ? "" : val;
> > + return val === null ? "" : gadgets.util.escapeString(val);
> > };
> >
> > /**
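Review bot: `getString` now returns text escaped at read time, and that encoding only fits HTML text and quoted attribute values; a caller that puts the value into a URL, a script block or an unquoted attribute, or that escapes it again before rendering, ends up with the wrong encoding. The added doc line should state the context, for example ` * Returned value is html entity escaped for HTML text and quoted attributes only; it is not safe for URLs, script or unquoted attributes.` The call also assumes `getPref_` returns a string whenever it is not `null`, which is not visible in this hunk. The same points apply to the array elements escaped in the following hunk (`@@ -312,8 +314,9 @@`), whose function starts outside the hunk and gains no doc line at all.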
> > @@ -312,8 +314,9 @@
> > if (val !== null) {
> > var arr = val.split("|");
> > // Decode pipe characters.
> > + var esc = gadgets.util.escapeString;
> > for (var i = 0, j = arr.length; i < j; ++i) {
> > - arr[i] = arr[i].replace(/%7C/g, "|");
> > + arr[i] = esc(arr[i].replace(/%7C/g, "|"));
> > }
> > return arr;
> > }
> >
> > Modified: incubator/shindig/trunk/features/core/util.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/util.js (original)
> > +++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42
> 2008
> > @@ -157,7 +157,7 @@
> > * @member gadgets.util
> > */
> > hasFeature : function (feature) {
> > - return typeof features[feature] === "undefined";
> > + return typeof features[feature] !== "undefined";
> > },
> >
> > /**
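Review bot: `features[feature]` is a plain property lookup, so if `features` is an ordinary object (its declaration is outside this hunk) a name inherited from `Object.prototype`, such as `toString`, would be reported as an available feature. An own-property test avoids that: `return Object.prototype.hasOwnProperty.call(features, feature);`. The doc comment for `hasFeature` begins outside the hunk, so whether it describes the return value could not be checked.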
> > @@ -178,6 +178,40 @@
> > for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
> > onLoadHandlers[i]();
> > }
> > + },
> > +
> > + /**
> > + * Escapes the input using html entities to make it safer.
> > + *
> > + * Currently only escapes < > ' and " All known browsers
> > handle
> > + * & without issue.
> > + *
> > + * Currently not in the spec -- future proposals may change
> > + * how this is handled.
> > + *
> > + * TODO: Parsing the string would probably be more accurate and
> > faster than
> > + * a bunch of regular expressions.
> > + *
> > + * @param {String} str The string to escape
> > + * @return {String} The escaped string
> > + */
> > + escapeString : function(str) {
> > + return str.replace(/</g, "<")
> > + .replace(/>/g, ">")
> > + .replace(/"/g, """)
> > + .replace(/'/g, "'");
> > + },
> > +
> > + /**
> > + * Reverses escapeString
> > + *
> > + * @param {String} str The string to unescape.
> > + */
> > + unescapeString : function(str) {
> > + return str.replace(/</g, "<")
> > + .replace(/>/g, ">")
> > + .replace(/"/g, '"')
> > + .replace(/'/g, "'");
> > },
> >
> > /**
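Review bot: `escapeString` leaves `&` untouched, so `unescapeString` is not a true inverse: input that already contains entity text (the literal characters `&lt;`) passes through `escapeString` unchanged and `unescapeString` then turns it into `<`, so text a user typed as an entity can come back as live markup after a round trip. Escaping the ampersand first, `.replace(/&/g, "&amp;")` as the first call in `escapeString`, and undoing it last in `unescapeString`, `.replace(/&amp;/g, "&")`, makes the mapping reversible; the doc sentence "All known browsers handle & without issue" should go with it. The replacement strings in this copy of the diff appear to have been entity-decoded by the mail archive, so the exact entities used could not be checked here. `unescapeString` also has no `@return` tag.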
> >
> > Modified: incubator/shindig/trunk/features/views/views.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/views/views.js (original)
> > +++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42
> > 2008
> > @@ -70,6 +70,9 @@
> > decodeURIComponent(urlParams["view-params"]));
> > if (tmpParams) {
> > params = tmpParams;
> > + for (var p in params) if (params.hasOwnProperty(p)) {
> > + params[p] = gadgets.util.escapeString(params[p]);
> > + }
> > }
> > }
> > currentView = supportedViews[urlParams.view] ||
> > supportedViews["default"];
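Review bot: The new loop hands every value of the `view-params` object straight to `escapeString`, which calls `.replace` on it; the object is built from a URL parameter (the parsing call starts outside the hunk), so if the parser can yield a number, boolean, null or nested object the call throws and the rest of this function does not run. Coercing first keeps the documented `Map.<String, String>` shape: `params[p] = gadgets.util.escapeString(String(params[p]));`. `params.hasOwnProperty(p)` is looked up on the same untrusted object, so a key named `hasOwnProperty` breaks the loop, which `Object.prototype.hasOwnProperty.call(params, p)` avoids. The keys themselves stay unescaped, which matters only if a gadget renders them.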
> > @@ -84,19 +87,47 @@
> > gadgets.config.register("views", requiredConfig, init);
> >
> > return {
> > + /**
> > + * Attempts to navigate to this gadget in a different view. If the
> > container
> > + * supports parameters will pass the optional parameters along to
> the
> > gadget
> > + * in the new view.
> > + *
> > + * @param {gadgets.views.View} view The view to navigate to
> > + * @param {Map.<String, String>} opt_params Parameters to
> pass
> > to the
> > + * gadget after it has been navigated to on the surface
> > + */
> > requestNavigateTo : function(view, opt_params) {
> > gadgets.rpc.call(
> > null, "requestNavigateTo", null, view.getName(), opt_params);
> > },
> >
> > + /**
> > + * Returns the current view.
> > + *
> > + * @return {gadgets.views.View} The current view
> > + */
> > getCurrentView : function() {
> > return currentView;
> > },
> >
> > + /**
> > + * Returns a map of all the supported views. Keys each
> > gadgets.view.View by
> > + * its name.
> > + *
> > + * @return {Map<gadgets.views.ViewType | String,
> > gadgets.views.View>}
> > + * All supported views, keyed by their name attribute.
> > + */
> > getSupportedViews : function() {
> > return supportedViews;
> > },
> >
> > + /**
> > + * Returns the parameters passed into this gadget for this view.
> Does
> > not
> > + * include all url parameters, only the ones passed into
> > + * gadgets.views.requestNavigateTo
> > + *
> > + * @return {Map.<String, String>} The parameter map
> > + */
> > getParams : function() {
> > return params;
> > }
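Review bot: The new `getParams` doc comment does not say that the values were html entity escaped when the view parameters were read, although this commit's comment on `gadgets.Prefs.prototype.getString` does; adding ` * Returned values are html entity escaped.` tells callers not to escape a second time. The `getSupportedViews` comment writes `gadgets.view.View` where the surrounding tags use `gadgets.views.View`. `getParams` and `getSupportedViews` also return the module's own objects rather than copies, so a caller can mutate shared state; if that is intended the comments should say so.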
> > @@ -108,10 +139,16 @@
> > this.isOnlyVisible_ = !!opt_isOnlyVisible;
> > };
> >
> > +/**
> > + * @return {String} The view name.
> > + */
> > gadgets.views.View.prototype.getName = function() {
> > return this.name_;
> > };
> >
> > +/**
> > + * @return {Boolean} True if this is the only visible gadget on the
> page.
> > + */
> > gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
> > return this.isOnlyVisible_;
> > };
> >
> >
> >
>
--
~Kevin
If you received this email by mistake, please delete it, cancel your mail
account, destroy your hard drive, silence any witnesses, and burn down the
building that you're in.