Recent Topics

Bug in javascript escaping [fixed for 1.10]

Started by on Feb 06, 2007 – Contents updated: Feb 06, 2007

Feb 06, 2007 13:44    

There is a problem with the javascript call in the toggle_display_by_id function contained in the file inc/misc/_misc.funcs:

when $text_when_displayed or $text_when_hidden contained a simple quote, there is an error. A solution is to put the following code:


* Generate a link that toggles display of an element on clicking.
* @todo Provide functionality to make those links accessible without JS (using GET parameter)
* @uses toggle_display_by_id() (JS)
* @param string ID (html) of the link
* @param string ID (html) of the target to toggle displaying
* @return string
function get_link_showhide( $link_id, $target_id, $text_when_displayed, $text_when_hidden, $display_hidden = true )
  $html = "<a id=\"$link_id\" href=\"#\" onclick=\"return toggle_display_by_id('$link_id','$target_id','".jsspecialchars($text_when_displayed )."','".jsspecialchars( $text_when_hidden )."')\">"
    .( $display_hidden ? $text_when_hidden : $text_when_displayed )
  return $html;
* Escapes strings to be included in javascript
* @param string s
function jsspecialchars($s) {
   return preg_replace('/([^ !#$%@()*+,-.\x30-\x5b\x5d-\x7e])/e',
       "'\\x'.(ord('\\1')<16? '0': '').dechex(ord('\\1'))",$s);

Feb 06, 2007 13:55

No offense intended thomas, but I edited your post to wrap your code in the appropriate CODE tag so it would display nicely. I haven't looked at your bug and wouldn't understand it if I did. I just figured when the dev team sees this post they'll see it in a visually friendly fashion.

Form is loading...

powered by b2evolution – This forum is powered by b2evolution CMS, a complete engine for your website.