#5971 closed defect (fixed)
"plugin" style addition and quotes in elements failing
Reported by: | Owned by: | gregmac | |
---|---|---|---|
Priority: | normal | Component: | DuplicateTicketSearchPlugin |
Severity: | normal | Keywords: | |
Cc: | Trac Release: | 0.11 |
Description
Hi, didn't know where to send this, but after installing this "plugin", I got an error with descriptions of tickets containing a ".
Fixed like this:
for (var i = 0; i < tickets.length && i < maxTickets; i++) {
    var ticket = tickets[i];
    // Encode double quotes so the description cannot end the title attribute early
    html += '<li title="' + ticket.description.replace(/"/g, "&quot;") + '">'
        + '<a href="' + ticketBaseHref + ticket.ticket + '">'
        + '<span class="' + ticket.status + '">#' + ticket.ticket + '</span></a>: '
        + ticket.type + ': ' + ticket.summary
        + '(' + ticket.status + (ticket.resolution ? ': ' + ticket.resolution : '') + ')'
        + '</li>';
}
Not the cleanest ever, but you get the point I guess (" in title attribute).
Also to run this as a plugin, I did something like this:
/var/www/trac/plugins/duplicateticketsearch.py:
"""
DuplicateTicketSearch:
a plugin for Trac
http://trac.edgewall.org
"""

from genshi.filters.transform import Transformer
from pkg_resources import resource_filename

from trac.core import *
from trac.mimeview import Context
from trac.web.api import ITemplateStreamFilter
from trac.web.chrome import add_script
from trac.web.chrome import add_stylesheet
from trac.web.chrome import ITemplateProvider


class DuplicateTicketSearch(Component):

    implements(ITemplateStreamFilter, ITemplateProvider)

    ### method for ITemplateStreamFilter

    def filter_stream(self, req, method, filename, stream, data):
        """Filter a Genshi event stream prior to rendering."""
        if filename.endswith('ticket.html'):
            add_stylesheet(req, 'duplicateticketsearch/css/tracDupeSearch.css')
            add_script(req, 'duplicateticketsearch/js/tracDupeSearch.js')
        return stream

    ### methods for ITemplateProvider

    def get_htdocs_dirs(self):
        return [('duplicateticketsearch', resource_filename(__name__, 'htdocs'))]

    def get_templates_dirs(self):
        """Return a list of directories containing the provided template files.
        """
        return []
and then copied the .js and .css file to /var/www/trac/plugins/htdocs/js and /var/www/trac/plugins/htdocs/css
Not optimal, but a step closer I guess ;)
Change History (5)
comment:1 Changed 15 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:3 follow-up: 4 Changed 15 years ago by
Thanks!
Just a comment to my fix, glad it was made a bit cleaner, but thinking of it, I think (also to be XHTML compliant), one should probably escape &, ", ', < and > (&amp; &quot; &#39; &lt; &gt;).
maybe something like:
function html_attr_escape(str) {
    var escape_table = {
        "'": '&#39;', '"': '&quot;', '<': '&lt;', '>': '&gt;', '&': '&amp;'
    };
    /* build array to use as pattern by joining with '|' */
    var escape_ary = [];
    for (var key in escape_table) {
        escape_ary.push(key);
    }
    var escape_pattern = new RegExp(escape_ary.join('|'), 'gm');
    /* replace every matched character with its entity */
    return str.replace(escape_pattern, function(w) { return escape_table[w]; });
}
comment:4 Changed 15 years ago by
function html_attr_escape(str) {
    var escape_table = {
        "'": '&#39;', '"': '&quot;', '<': '&lt;', '>': '&gt;', '&': '&amp;'
    };
    /* build array to use as pattern by joining with '|' */
    var escape_ary = [];
    for (var key in escape_table) {
        escape_ary.push(key);
    }
    var escape_pattern = new RegExp(escape_ary.join('|'), 'gm');
    /* replace every matched character with its entity */
    return str.replace(escape_pattern, function(w) { return escape_table[w]; });
}
comment:5 Changed 15 years ago by
I didn't include single quotes (apostrophe) but agreed, it would be better. The rest of the stuff is taken care of by the jQuery trick:
$('<div/>').text('testing < with > various & elements " etc \' blah').html()
comes out as:
testing &lt; with &gt; various &amp; elements " etc ' blah
whereas:
$('<div/>').text('testing < with > various & elements " etc \' blah').html().replace(/"/g, '&quot;').replace(/'/g, '&#39;');
goes to:
"testing &lt; with &gt; various &amp; elements &quot; etc &#39; blah"
added in r6726
(In [6720]) Fix #5971
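
The difference the thread discusses, as an added example that is not part of the ticket or the plugin's source: text-only encoding (what the jQuery trick in comment:5 yields) leaves `"` intact, so the `title` attribute is cut short, while encoding all five characters round-trips the description. All function names and the sample ticket are hypothetical; `escapeText` assumes, as comment:5's output shows, that `.text().html()` encodes only `&`, `<` and `>`.

```javascript
// Added example; all names here are hypothetical, not from tracDupeSearch.js.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Assumption: mirrors $('<div/>').text(s).html(), which encodes &, < and > only.
function escapeText(s) {
  return String(s).replace(/[&<>]/g, c => ENTITIES[c]);
}

// One pass over all five characters, so '&' can never be encoded twice.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, c => ENTITIES[c]);
}

// Chained replaces are order-sensitive: handling '&' last re-encodes the
// entities produced by the earlier steps ('"' becomes '&amp;quot;').
function escapeAmpLast(s) {
  return String(s).replace(/"/g, '&quot;').replace(/&/g, '&amp;');
}

// Builds the list item from the ticket, using the given encoder for the title.
function renderItem(ticket, encode) {
  return '<li title="' + encode(ticket.description) + '">#' + ticket.ticket + '</li>';
}

// Reads the title back the way an HTML parser would: the value ends at the
// next double quote, and entities inside it are decoded in a single pass.
function parsedTitle(html) {
  const m = /<li title="([^"]*)"/.exec(html);
  if (!m) return null;
  return m[1].replace(/&(amp|lt|gt|quot|#39);/g, e =>
    Object.keys(ENTITIES).find(k => ENTITIES[k] === e));
}

// Constructed sample ticket.
const sample = { ticket: 42, description: 'Log shows "disk full" & it\'s <urgent>' };

console.log('text-only encoding :', JSON.stringify(parsedTitle(renderItem(sample, escapeText))));
console.log('attribute encoding :', JSON.stringify(parsedTitle(renderItem(sample, escapeAttr))));
console.log('& encoded last     :', escapeAmpLast('"'));
```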