properly escape user names and list names
This commit is contained in:
rlx
parent
e282a3a9e9
commit
68ca199ae3
6 changed files with 18 additions and 6 deletions
|
|
@ -135,6 +135,9 @@ Ox.ListCalendar = function(options, self) {
|
|||
width: 256
|
||||
},
|
||||
{
|
||||
format: function(value) {
|
||||
return Ox.encodeHTMLEntities(value);
|
||||
},
|
||||
id: 'user',
|
||||
operator: '+',
|
||||
title: 'User',
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Ox.ArrayEditable = function(options, self) {
|
|||
separator: ',',
|
||||
sort: [],
|
||||
submitOnBlur: true,
|
||||
tooltip: '',
|
||||
tooltipText: '',
|
||||
type: 'input',
|
||||
width: 256
|
||||
})
|
||||
|
|
@ -121,8 +121,8 @@ Ox.ArrayEditable = function(options, self) {
|
|||
submitOnBlur: self.options.submitOnBlur,
|
||||
tooltip: (
|
||||
self.options.tooltipText
|
||||
? Ox.formatString(self.options.tooltipText, item) + '<br>'
|
||||
: ''
|
||||
? self.options.tooltipText(item) + '<br>'
|
||||
: ''
|
||||
) + 'Click to select' + (
|
||||
item.editable
|
||||
? ', doubleclick to edit'
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ Ox.TextList <f:Ox.Element> TextList Object
|
|||
operator <s> default sort operator
|
||||
title <s> ...
|
||||
titleImage <s> ...
|
||||
unformat <f> Applied before editing
|
||||
unique <b> If true, this column acts as unique id
|
||||
visible <b> ...
|
||||
width <n> ...
|
||||
|
|
@ -840,7 +841,7 @@ Ox.TextList = function(options, self) {
|
|||
$input = Ox.Input({
|
||||
autovalidate: column.input ? column.input.autovalidate : null,
|
||||
style: 'square',
|
||||
value: html,
|
||||
value: column.unformat ? column.unformat(html) : html,
|
||||
width: width
|
||||
})
|
||||
.bind({
|
||||
|
|
|
|||
|
|
@ -240,6 +240,9 @@ Ox.ListMap = function(options, self) {
|
|||
width: 128
|
||||
},
|
||||
{
|
||||
format: function(value) {
|
||||
return Ox.encodeHTMLEntities(value);
|
||||
},
|
||||
id: 'user',
|
||||
operator: '+',
|
||||
title: 'User',
|
||||
|
|
|
|||
|
|
@ -206,7 +206,12 @@ Ox.AnnotationFolder = function(options, self) {
|
|||
separator: ';',
|
||||
sort: self.sort,
|
||||
submitOnBlur: false,
|
||||
tooltipText: self.options.showInfo ? '<b>{user}</b>, {date}' : '',
|
||||
tooltipText: self.options.showInfo ? function(item) {
|
||||
return Ox.formatString('<b>{user}</b> {date}', {
|
||||
user: Ox.encodeHTMLEntities(item.user),
|
||||
date: item.date
|
||||
});
|
||||
} : '',
|
||||
width: self.options.width,
|
||||
maxHeight: self.options.type == 'text' ? Infinity : void 0,
|
||||
type: self.options.type == 'text' ? 'textarea' : 'input'
|
||||
|
|
|
|||
|
|
@ -340,7 +340,7 @@ Ox.AnnotationPanel = function(options, self) {
|
|||
{},
|
||||
{id: 'users', title: 'Show Users', disabled: true},
|
||||
{group: 'users', min: 1, max: -1, items: self.users.map(function(user) {
|
||||
return {id: user, title: user, checked:
|
||||
return {id: user, title: Ox.encodeHTMLEntities(user), checked:
|
||||
self.enabledUsers == 'all' || self.enabledUsers.indexOf(user) > -1
|
||||
};
|
||||
})}
|
||||
|
|
|
|||
Loading…
Reference in a new issue