diff options
author | ctrlaltca@gmail.com <> | 2012-03-25 20:51:49 +0000 |
---|---|---|
committer | ctrlaltca@gmail.com <> | 2012-03-25 20:51:49 +0000 |
commit | a3f64a4214fe0ae29ecea298542a15c6a0071a45 (patch) | |
tree | 7dc972d25947cc333b7c620b4ec1ea846e4e6ec0 /framework/Web/Javascripts/TJavaScript.php | |
parent | 05f4b961ca2e8952566867936d5e1aec6111e5b6 (diff) |
Reworked the patch for #391; now a TComponent-based controls can contain methods prefixed by "js" to indicate that those methods can receive raw javascript. Such methods can be called both in a xss-safe, javascript-encoded way: $xxx->Property="yyy" and in a raw-javascript way: $xxx->jsProperty="zzz". Patch by gabor, documentation is on the way
Diffstat (limited to 'framework/Web/Javascripts/TJavaScript.php')
-rw-r--r-- | framework/Web/Javascripts/TJavaScript.php | 22 |
1 files changed, 1 insertions, 21 deletions
diff --git a/framework/Web/Javascripts/TJavaScript.php b/framework/Web/Javascripts/TJavaScript.php index 468182d2..8c7c865b 100644 --- a/framework/Web/Javascripts/TJavaScript.php +++ b/framework/Web/Javascripts/TJavaScript.php @@ -198,7 +198,7 @@ class TJavaScript }
else if(is_object($value))
if ($value instanceof TJavaScriptLiteral)
- return preg_replace('/^\s*javascript:/', '', $value);
+ return $value->toJavaScriptLiteral();
else
return self::encode(get_object_vars($value),$toMap);
else if($value===null)
@@ -281,23 +281,3 @@ class TJavaScript }
}
-/**
- * TJavaScriptLiteral class that encloses string literals that are not
- * supposed to be escaped by TJavaScript::encode()
- *
- */
-class TJavaScriptLiteral
-{
- private $_s;
-
- public function __construct($s)
- {
- $this->_s = $s;
- }
-
- public function __toString()
- {
- return $this->_s;
- }
-}
-
|