[TYPO3-core] RFC: Bug 1030, 277, 1472 possibly 1270
Michael Stucki
michael at typo3.org
Wed Feb 15 10:08:19 CET 2006
Bernhard and René,
can you please discuss if this needs to be changed?
- michael
René Fritz wrote:
>
>> Description:
>> The good old unescape(rawurlencode(...)) problem :)
>
>> If JS is enclosed in <script> tags no htmlspecialchars get translated to
>> their entities when encountered in strings. So you can write anything in
>> a JS string enclosed in <script> tags and single quotes ' for example
>> except other single quotes ... they must get escaped by a backslash.
>> Stanislas noted that there are also problems with newlines but not with
>> utf-8 entities or similar special characters.
>>
>> The reason for this is that content of <script> tags are of the HTML-DTD
>> type CDATA by default.
>
> Hi Bernard
>
> I just crawled into browse_links.php and found the following code which
> confuses me. Maybe this is a bug or you have to explain to me how JS in
> attributes like onclick has to be formatted.
>
> function wrapTitle($title,$v,$ext_pArrPages) {
>     if ($ext_pArrPages) {
>         $ficon=t3lib_iconWorks::getIcon('pages',$v);
>         $onClick = "return insertElement('pages', '".$v['uid']."', 'db', ".t3lib_div::quoteJSvalue($v['title']).", '', '', '".$ficon."','',1);";
>     } else {
>         $onClick = 'return jumpToUrl(\'browse_links.php?act='.$GLOBALS['SOBE']->act.'&mode='.$GLOBALS['SOBE']->mode.'&expandPage='.$v['uid'].'\');';
>     }
>     return '<a href="#" onclick="'.$onClick.'">'.$title.'</a>';
> }
>
> The second onclick includes "&" which has to be
> htmlspecialchars($onClick), or not?
> I think you removed htmlspecialchars() because t3lib_div::quoteJSvalue()
> does that already for the upper value.
>
> Could you please clarify this. Is htmlspecialchars() needed in onclick or
> not?
>
> Thanks
>
> René
>
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
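
The two output contexts discussed in this thread (JavaScript inside a <script> element versus JavaScript inside an onclick attribute), as an added example that is not part of the original mails and is not TYPO3 code. The helpers jsString(), onclickLink() and scriptBlock() are hypothetical, the insertElement() call is shortened to two arguments, the sample values are constructed, and PHP 5.3 or later is assumed for the json_encode() flags.

```php
<?php
// Added example, not TYPO3 code. jsString(), onclickLink() and scriptBlock()
// are hypothetical helpers; the sample values below are constructed.

// Layer 1: turn a PHP value into a JavaScript string literal.
// The HEX flags emit \u0027, \u0022, \u003C, \u003E and \u0026, so the text
// inside the literal carries no quote, angle bracket or ampersand.
function jsString($value) {
    return json_encode((string)$value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Layer 2 (attributes only): the HTML parser decodes character references in
// an attribute value before the script engine sees it, so the finished
// JavaScript statement is HTML-escaped as a whole. Without this step the
// double quotes that delimit the literal would end the onclick attribute.
function onclickLink($js, $label) {
    return '<a href="#" onclick="' . htmlspecialchars($js, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Inside <script> the parser decodes no entities, so only layer 1 applies.
// JSON_HEX_TAG keeps a literal "</script>" out of the element's content.
function scriptBlock($js) {
    return '<script type="text/javascript">' . $js . '</script>';
}

// Constructed inputs: a page title with quotes, markup, an ampersand and a
// newline, and a URL with "&" separators like the one in jumpToUrl().
$title = "Bob's \"news\" </script> & more\nline two";
$url   = 'browse_links.php?act=page&mode=rte&expandPage=42';

$insert = 'return insertElement(' . jsString('pages') . ', ' . jsString($title) . ');';
$jump   = 'return jumpToUrl(' . jsString($url) . ');';

echo onclickLink($insert, $title), "\n";   // attribute context: layers 1 + 2
echo onclickLink($jump, 'expand'), "\n";   // attribute context: layers 1 + 2
echo scriptBlock('var title = ' . jsString($title) . ';'), "\n"; // layer 1 only
```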