Looking online, people seem to suggest JSON encoding. So what I'm doing now
is

    def view():
        import gluon.contrib.simplejson.encoder
        myobject = db(db.objects.id == request.args(0)).select().first()
        myobject.nameJson = gluon.contrib.simplejson.encoder.encode_basestring(
            myobject.name)
        return dict(myobject=myobject)

(Not sure if that's the correct JSON method to use.) And then in the view
using XML as suggested by Christian. This seems to properly escape
embedded quotes. However, as I am new to web2py I would appreciate others'
input about the correctness of this.

On Thursday, September 26, 2013 5:14:40 PM UTC-4, User wrote:
> Yes, by viewing source I could see that generated javascript string had
> the character entity in it, so I knew the question was how to get web2py to
> output it correctly. Using XML works! thank you. By using XML the
> generated string becomes "John's Place"
>
> My next question is why? And is it still safe from user injected code? At
> first glance it looks like someone could possibly inject something (
> myobject.name ultimately comes from user input). Maybe I can just strip
> out double quotes to make sure they can't close the string?
>
> On Thursday, September 26, 2013 12:02:55 PM UTC-4, Christian Foster Howes
> wrote:
>
>> can you use an inspector to see the actual generated javascript? it's
>> possible that web2py is escaping the apostrophe. you can try {{=XML(
>> myobject.name)}}
>>
>> On Tuesday, September 24, 2013 5:26:29 PM UTC-7, User wrote:
>>>
>>> I'm using the google map javascript api (v3). I have a google map in one
>>> of my views. I want to display the location name as the marker title (used
>>> when hovering over the marker). I'm using the following code in my view:
>>>
>>> {{block head}}
>>> <script type="text/javascript">
>>>     function init_map() {
>>>         var myLatlng = new google.maps.LatLng({{=myobject.lat}}, {{=myobject.lng}});
>>>         var mapOptions = {
>>>             center: myLatlng,
>>>             zoom: 12,
>>>             mapTypeId: google.maps.MapTypeId.ROADMAP
>>>         };
>>>         var map = new google.maps.Map(document.getElementById("map-canvas"),
>>>             mapOptions);
>>>         var marker = new google.maps.Marker({
>>>             position: myLatlng,
>>>             map: map,
>>>             title: "{{=myobject.name}}"
>>>         });
>>>     }
>>>     google.maps.event.addDomListener(window, 'load', init_map);
>>> </script>
>>> {{end}}
>>>
>>>
>>>
>>> This works to output a map but when I mouse over the marker, the
>>> character encoding is not right. For example, if myobject.name contains
>>> the string "John's Place" then the marker tooltip will literally
>>> display "John's Place" (that is, with the ampersand and hash). How
>>> can I get it to display the string as "John's Place" in a web safe manner?
>>>
>>>
>>>
>>>
>>
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
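
Added example, not part of the thread: a sketch of the encoding question discussed above, showing why HTML escaping puts an entity into the tooltip and what a JSON-encoded value still needs before it is emitted unescaped inside an inline `<script>` block. It uses only the Python standard library; the function names are hypothetical, `html.escape` is an assumed stand-in for the template's default escaping, and the sample names are constructed.

```python
import html
import json

# Constructed sample names: the thread's example, plus one containing the
# characters that matter inside an inline <script> block.
SAMPLES = ["John's Place", 'Bob\'s "Best" </script> & Grill']

# Legal inside a JSON string, but the HTML parser still sees them while it
# scans the <script> element, so they are rewritten as \uXXXX escapes.
_SCRIPT_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def html_escaped(value):
    """HTML-escape value (assumed stand-in for the default {{=...}} output)."""
    return html.escape(value, quote=True)


def js_string_literal(value):
    """Return value as a quoted JS string literal safe for an inline <script>."""
    # ensure_ascii=True escapes quotes, backslashes, control characters and
    # every non-ASCII character, including U+2028 and U+2029.
    literal = json.dumps(value, ensure_ascii=True)
    # json.dumps never emits these three characters as part of an escape
    # sequence, so a plain replace cannot corrupt an existing escape.
    for char, escaped in _SCRIPT_UNSAFE.items():
        literal = literal.replace(char, escaped)
    return literal


def marker_title_line(value):
    """Build the 'title:' property line; the literal carries its own quotes."""
    return "title: " + js_string_literal(value)


if __name__ == "__main__":
    for name in SAMPLES:
        print("HTML-escaped :", html_escaped(name))
        print("JS literal   :", marker_title_line(name))
        # The browser's JS parser recovers exactly the original string.
        assert json.loads(js_string_literal(name)) == name
```

Because the returned literal already includes its surrounding double quotes, a view that outputs it through `XML(...)` should not wrap it in another pair of quotes.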