authorOndrej Zara <ondrej.zara@firma.seznam.cz>2015-08-04 16:36:30 +0200
committerOndrej Zara <ondrej.zara@firma.seznam.cz>2015-08-04 16:36:30 +0200
commit921ccb4b2139f6239da2ad76f07217775c281ea8 (patch)
treee1e42f5ef32d31429578dbbc343a7a59073f2256 /js
parenta8f650f5c14a5d3a194ce470a49c6c483c91e9a9 (diff)
xml escaping, fixes #207
Diffstat (limited to 'js')
-rw-r--r--js/globals.js4
-rw-r--r--js/row.js11
-rw-r--r--js/table.js3
3 files changed, 11 insertions, 7 deletions
diff --git a/js/globals.js b/js/globals.js
index 29f62c5..46c7699 100644
--- a/js/globals.js
+++ b/js/globals.js
@@ -53,6 +53,10 @@ var SQL = {
unsubscribe: function(message, subscriber) {
var index = this._subscribers[message].indexOf(subscriber);
if (index > -1) { this._subscribers[message].splice(index, 1); }
+ },
+
+ escape: function(str) {
+ return str.replace(/&/g, "&amp;").replace(/>/g, "&gt;").replace(/</g, "&lt;");
}
}
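Review bot: SQL.escape on the added lines escapes element text only — `&`, `<` and `>` — so a value placed into an XML attribute would still break out on a `"` or `'`; either record that limit on the helper (`// escapes XML text content only; not safe for attribute values`) or extend the chain with `.replace(/"/g, "&quot;").replace(/'/g, "&#39;")` so a single helper serves both positions. The `&` replacement is applied first, which is the right order, since doing it later would re-escape the `&` of the `&lt;` and `&gt;` it produces. The helper throws on a non-string argument; `return String(str).replace(...)` would tolerate a numeric default value, though whether any caller passes one is not visible here. The enclosing `SQL` object literal begins outside the hunk.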
diff --git a/js/row.js b/js/row.js
index ac1c94b..a9abf86 100644
--- a/js/row.js
+++ b/js/row.js
@@ -143,7 +143,8 @@ SQL.Row.prototype.buildEdit = function() {
elms.push(["null",this.dom.nll]);
this.dom.comment = OZ.DOM.elm("span",{className:"comment"});
- this.dom.comment.innerHTML = this.data.comment;
+ this.dom.comment.innerHTML = "";
+ this.dom.comment.appendChild(document.createTextNode(this.data.comment));
this.dom.commentbtn = OZ.DOM.elm("input");
this.dom.commentbtn.type = "button";
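Review bot: The clear-then-append pair on the added lines is equivalent to the single assignment `this.dom.comment.textContent = this.data.comment;`, which reads more directly and avoids the innerHTML setter altogether; the same pattern is repeated in the changeComment hunk below. Both forms stringify a missing value, so `document.createTextNode(undefined)` would render the literal text "undefined" — given that toXML guards on `if (this.data.comment)`, a `this.data.comment || ""` fallback may be wanted, though whether the comment can be unset at this point is not visible in the hunk. buildEdit starts and ends outside the hunk.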
@@ -180,7 +181,8 @@ SQL.Row.prototype.changeComment = function(e) {
var c = prompt(_("commenttext"),this.data.comment);
if (c === null) { return; }
this.data.comment = c;
- this.dom.comment.innerHTML = this.data.comment;
+ this.dom.comment.innerHTML = "";
+ this.dom.comment.appendChild(document.createTextNode(this.data.comment));
}
SQL.Row.prototype.expand = function() {
@@ -336,7 +338,7 @@ SQL.Row.prototype.toXML = function() {
} else if (d != "CURRENT_TIMESTAMP") {
d = q+d+q;
}
- xml += "<default>"+d+"</default>";
+ xml += "<default>"+SQL.escape(d)+"</default>";
}
for (var i=0;i<this.relations.length;i++) {
@@ -346,8 +348,7 @@ SQL.Row.prototype.toXML = function() {
}
if (this.data.comment) {
- var escaped = this.data.comment.replace(/&/g, "&amp;").replace(/>/g, "&gt;").replace(/</g, "&lt;");
- xml += "<comment>"+escaped+"</comment>\n";
+ xml += "<comment>"+SQL.escape(this.data.comment)+"</comment>\n";
}
xml += "</row>\n";
diff --git a/js/table.js b/js/table.js
index b72ce11..1b20f20 100644
--- a/js/table.js
+++ b/js/table.js
@@ -245,8 +245,7 @@ SQL.Table.prototype.toXML = function() {
}
var c = this.getComment();
if (c) {
- c = c.replace(/&/g, "&amp;").replace(/>/g, "&gt;").replace(/</g, "&lt;");
- xml += "<comment>"+c+"</comment>\n";
+ xml += "<comment>"+SQL.escape(c)+"</comment>\n";
}
xml += "</table>\n";
return xml;