projects / transitory.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 022b495)
Clean up and refine serial note support, part 2
authorDan Wells <dbw2@calvin.edu>
Tue, 17 Apr 2012 21:35:26 +0000 (17:35 -0400)
committerDan Wells <dbw2@calvin.edu>
Tue, 17 Apr 2012 22:14:50 +0000 (18:14 -0400)
Because of the way our notes are being rendered, a handful of
special XML characters can break the note interface when editing.
These characters are now properly encoded as entities.

Also, editing of newlines presents a similar issue with different
consequences, and it is handled similarly but separately.

Signed-off-by: Dan Wells <dbw2@calvin.edu>

Open-ILS/xul/staff_client/server/serial/notes.xul patch | blob | history

diff --git a/Open-ILS/xul/staff_client/server/serial/notes.xul b/Open-ILS/xul/staff_client/server/serial/notes.xul
index bb6ce84..2009de6 100644 (file)
--- a/Open-ILS/xul/staff_client/server/serial/notes.xul
+++ b/Open-ILS/xul/staff_client/server/serial/notes.xul
@@ -171,6 +171,10 @@
 
                }
                
+               function xml_encode(str) {
+                       return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;');
+               }
+
                function new_note(index) {
                        var public = false;
                        var title = '';
@@ -182,8 +186,8 @@
                        if (typeof index != 'undefined') {
                                edit_mode = true;
                                public = get_bool(g.notes[index].pub());
-                               title = g.notes[index].title();
-                               value = g.notes[index].value();
+                               title = xml_encode(g.notes[index].title());
+                               value = xml_encode(g.notes[index].value());
                                label_text = $('serialStrings').getString('staff.serial.notes.edit_note.label');
                                button_accesskey = $('serialStrings').getString('staff.serial.notes.edit_note.accesskey');
                        } else {
@@ -193,6 +197,7 @@
 
                        try {
                                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect UniversalBrowserWrite");
+                               value = value.replace(/\n/g, "&#10;"); // preserve newlines
                                var xml = '<groupbox xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" flex="1"> \
                                        <caption label="' + label_text + '"/> \
                                        <grid flex="1"><columns><column/><column flex="1"/></columns> \
Miscellaneous, temporary stuff