Bugzilla – Full Text Bug Listing
| Summary: | Response-Strings in BrowserFunctions should be escaped | ||
|---|---|---|---|
| Product: | [RT] RAP | Reporter: | Philipp Leusmann <leusmann> |
| Component: | RWT | Assignee: | Project Inbox <rap-inbox> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | P3 | ||
| Version: | unspecified | ||
| Target Milestone: | 1.4 M1 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(String) would be better The double quote character is now escaped. What about the other characters? Cite from the StringEscaptUtils#escapeEcmaScript JavaDoc (renamed from escapeJavaScript): Escapes any values it finds into their EcmaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) So a tab becomes the characters '\\' and 't'. The only difference between Java strings and EcmaScript strings is that in EcmaScript, a single quote and forward-slash (/) are escaped. Philipp, I've just tested the tab character (\t) and it is properly visualized without escaping - no javascript errors. Do you have any particular problems with some characters? Ivan, I did not personally check all characters mentioned, but I assumed they had good reasons to escape the chosen characters. I guess the most important characters are " and ' Philipp, " and ' work... I don't think that it's necessary to escape something that is working without escaping. If you have a particular problem with some other characters, please reopen the bug. |
Build Identifier: RAP 1.3 When returning String containing "-characters, these lead to javascript-erros. At least "-characters should be escaped. Probably the same algorithm as in org.apache.commons.lang.StringEscapeUtils.escapeJava(String) from Commons-Lang could be used. Reproducible: Always Steps to Reproduce: Just create a BrowserFunction and return new String("test \" test"). untested, but should do the trick