diff options
author | ctrlaltca@gmail.com <> | 2012-03-26 10:10:51 +0000 |
---|---|---|
committer | ctrlaltca@gmail.com <> | 2012-03-26 10:10:51 +0000 |
commit | 4e92e78b70299854205294ee43f056bda619e4db (patch) | |
tree | 7615d1478c8bfdaca4b8290cef0be0919485267c /demos/quickstart/protected/pages/Fundamentals/Components.page | |
parent | b5188eed81057371f0c03d8ebf250000328e033e (diff) |
added some documentation for the changes introduced to fix #391
Diffstat (limited to 'demos/quickstart/protected/pages/Fundamentals/Components.page')
-rw-r--r-- | demos/quickstart/protected/pages/Fundamentals/Components.page | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/demos/quickstart/protected/pages/Fundamentals/Components.page b/demos/quickstart/protected/pages/Fundamentals/Components.page index 5662b53b..2ce96607 100644 --- a/demos/quickstart/protected/pages/Fundamentals/Components.page +++ b/demos/quickstart/protected/pages/Fundamentals/Components.page @@ -49,10 +49,33 @@ This is equivalent to the following, $name = $component->getFont()->getName();
$component->getFont()->setName( $name );
</com:TTextHighlighter>
+</p>
-
+<h3>Js-friendly properties</h3>
+<p class="block-content">
+A JavaScript-friendly property is a property that can accept both simple strings and raw javascript.
+Prado automatically encodes all properties sent clientside inside javascript blocks to avoid security problems (like injections or cross site scripting).
+If a property is known to always contain only safe javascript code and its value needs to bypass this encoding, that property can be defined in a special way that will make Prado mark its value as "safe".
+Js-friendly properties are identified by their name starting with 'js' (case insensitive):
+<com:TTextHighlighter CssClass="source block-content">
+// getter, defines a readable property 'Text'
+function getJsText() { … }
+// setter, defines a writable property 'Text', with $value being the value to be set to the property
+function setJsText(TJavaScriptLiteral $value) { … }
+</com:TTextHighlighter>
+Js-friendly properties can be accessed using both their Js-less name and their Js-enabled name:
+<com:TTextHighlighter CssClass="source block-content">
+// set some simple text as property value
+$component->Text = 'text';
+// set some javascript code as property value
+$component->JsText = 'raw javascript';
+</com:TTextHighlighter>
+In the first case, the property value will automatically gets encoded when sent clientside inside a javascript block.
+In the second case, the property will be 'marked' as being a safe javascript statement and will not be encoded when rendered inside a javascript block.
+This special handling makes use of the <tt>TJavaScriptLiteral</tt> class.
</p>
+
<h2 id="703">Component Events</h2>
<p id="110119" class="block-content">
Component events are special properties that take method names as their values. Attaching (setting) a method to an event will hook up the method to the places at which the event is raised. Therefore, the behavior of a component can be modified in a way that may not be foreseen during the development of the component.
|