properly escape user names and list names

rlx 2012-02-22 10:14:25 +00:00
parent e282a3a9e9
commit 68ca199ae3
6 changed files with 18 additions and 6 deletions


@ -135,6 +135,9 @@ Ox.ListCalendar = function(options, self) {
width: 256 width: 256
}, },
{ {
format: function(value) {
return Ox.encodeHTMLEntities(value);
},
id: 'user', id: 'user',
operator: '+', operator: '+',
title: 'User', title: 'User',
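Review bot: Escaping is opt-in per column here, so the `format` callback added to the `user` column protects only that one field. Any other column in this list that shows user-supplied text stays raw unless it gets the same callback; the remaining column definitions are outside the hunk, so this should be checked. The same applies to the identical change in Ox.ListMap. Consider having the list encode cell values by default and letting columns that need markup opt out, and add a comment above the callback such as `// user names are untrusted; encode before the cell is rendered`.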


@ -21,7 +21,7 @@ Ox.ArrayEditable = function(options, self) {
separator: ',', separator: ',',
sort: [], sort: [],
submitOnBlur: true, submitOnBlur: true,
tooltip: '', tooltipText: '',
type: 'input', type: 'input',
width: 256 width: 256
}) })
@ -121,7 +121,7 @@ Ox.ArrayEditable = function(options, self) {
submitOnBlur: self.options.submitOnBlur, submitOnBlur: self.options.submitOnBlur,
tooltip: ( tooltip: (
self.options.tooltipText self.options.tooltipText
? Ox.formatString(self.options.tooltipText, item) + '<br>' ? self.options.tooltipText(item) + '<br>'
: '' : ''
) + 'Click to select' + ( ) + 'Click to select' + (
item.editable item.editable
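Review bot: `self.options.tooltipText(item)` is called whenever the option is truthy, but the default is the string `''` and the previous contract was a template string, so a caller that still passes a string now throws instead of showing a tooltip. Guard on the type, e.g. `typeof self.options.tooltipText === 'function' ? self.options.tooltipText(item) + '<br>' : ''`. Since the result is concatenated straight into tooltip markup, the option's documentation should also say that the callback returns HTML and must encode any user-controlled fields of `item` itself. The surrounding function body continues outside both hunks.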


@ -19,6 +19,7 @@ Ox.TextList <f:Ox.Element> TextList Object
operator <s> default sort operator operator <s> default sort operator
title <s> ... title <s> ...
titleImage <s> ... titleImage <s> ...
unformat <f> Applied before editing
unique <b> If true, this column acts as unique id unique <b> If true, this column acts as unique id
visible <b> ... visible <b> ...
width <n> ... width <n> ...
@ -840,7 +841,7 @@ Ox.TextList = function(options, self) {
$input = Ox.Input({ $input = Ox.Input({
autovalidate: column.input ? column.input.autovalidate : null, autovalidate: column.input ? column.input.autovalidate : null,
style: 'square', style: 'square',
value: html, value: column.unformat ? column.unformat(html) : html,
width: width width: width
}) })
.bind({ .bind({
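Review bot: The doc line `unformat <f> Applied before editing` does not state what the function must return or what happens to the value on submit. At `value: column.unformat ? column.unformat(html) : html` the editor is seeded with the unformatted cell text, so the column contract should say that `unformat` is the inverse of `format`. It should also say that the submitted value is passed through `format` again before it is written back into the cell; whether that happens is not visible in this hunk. The `user` columns that gain a `format` in the visible hunks of this commit define no `unformat`, which is fine only if those columns are never editable.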


@ -240,6 +240,9 @@ Ox.ListMap = function(options, self) {
width: 128 width: 128
}, },
{ {
format: function(value) {
return Ox.encodeHTMLEntities(value);
},
id: 'user', id: 'user',
operator: '+', operator: '+',
title: 'User', title: 'User',


@ -206,7 +206,12 @@ Ox.AnnotationFolder = function(options, self) {
separator: ';', separator: ';',
sort: self.sort, sort: self.sort,
submitOnBlur: false, submitOnBlur: false,
tooltipText: self.options.showInfo ? '<b>{user}</b>, {date}' : '', tooltipText: self.options.showInfo ? function(item) {
return Ox.formatString('<b>{user}</b> {date}', {
user: Ox.encodeHTMLEntities(item.user),
date: item.date
});
} : '',
width: self.options.width, width: self.options.width,
maxHeight: self.options.type == 'text' ? Infinity : void 0, maxHeight: self.options.type == 'text' ? Infinity : void 0,
type: self.options.type == 'text' ? 'textarea' : 'input' type: self.options.type == 'text' ? 'textarea' : 'input'
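Review bot: `date: item.date` goes into the tooltip HTML unencoded while `user` on the line above is encoded. Unless the date is always produced by trusted formatting code (not visible here), treat it the same way, assuming it is a string: `date: Ox.encodeHTMLEntities(item.date)`. The new template `'<b>{user}</b> {date}'` also drops the comma that the old `'<b>{user}</b>, {date}'` had, which looks unintended for a pure escaping fix.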


@ -340,7 +340,7 @@ Ox.AnnotationPanel = function(options, self) {
{}, {},
{id: 'users', title: 'Show Users', disabled: true}, {id: 'users', title: 'Show Users', disabled: true},
{group: 'users', min: 1, max: -1, items: self.users.map(function(user) { {group: 'users', min: 1, max: -1, items: self.users.map(function(user) {
return {id: user, title: user, checked: return {id: user, title: Ox.encodeHTMLEntities(user), checked:
self.enabledUsers == 'all' || self.enabledUsers.indexOf(user) > -1 self.enabledUsers == 'all' || self.enabledUsers.indexOf(user) > -1
}; };
})} })}
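Review bot: Only `title` is encoded here; `id: user` still carries the raw name. That is correct for the `self.enabledUsers.indexOf(user)` comparison, but if the menu component writes item ids into markup or attributes, the raw value needs encoding at that point; that code is not visible in this hunk. A short comment such as `// title is rendered as HTML; id stays raw for lookups` would record why the two fields differ.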