Diffstat (limited to 'framework/Web/Javascripts')
-rw-r--r-- | framework/Web/Javascripts/TJavaScript.php | 7 | ||||
-rw-r--r-- | framework/Web/Javascripts/TJavaScriptLiteral.php | 57 | ||||
-rw-r--r-- | framework/Web/Javascripts/TJavaScriptString.php | 31 |
3 files changed, 93 insertions, 2 deletions
diff --git a/framework/Web/Javascripts/TJavaScript.php b/framework/Web/Javascripts/TJavaScript.php
index eedeb5a2..847903a7 100644
--- a/framework/Web/Javascripts/TJavaScript.php
+++ b/framework/Web/Javascripts/TJavaScript.php
@@ -9,6 +9,10 @@
 * @package Prado\Web\Javascripts
 */
 
+namespace Prado\Web\Javascripts;
+use Prado\Web\THttpUtility;
+use Prado\Prado;
+
 /**
 * TJavaScript class.
 *
@@ -291,7 +295,7 @@ class TJavaScript
 $msg = 'Unknown error';
 break;
 }
- throw new Exception("JSON error ($err): $msg");
+ throw new \Exception("JSON error ($err): $msg");
 }
 
 /**
@@ -302,7 +306,6 @@ class TJavaScript
 */
 public static function JSMin($code)
 {
- Prado::using('System.Web.Javascripts.JSMin');
 return JSMin::minify($code);
 }
 }
diff --git a/framework/Web/Javascripts/TJavaScriptLiteral.php b/framework/Web/Javascripts/TJavaScriptLiteral.php
new file mode 100644
index 00000000..f1b67709
--- /dev/null
+++ b/framework/Web/Javascripts/TJavaScriptLiteral.php
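Review bot: `JSMin::minify($code)` in `TJavaScript::JSMin()` (third hunk of TJavaScript.php) may no longer resolve, because the `namespace` line added in the first hunk makes the bare name mean `Prado\Web\Javascripts\JSMin` while the `Prado::using('System.Web.Javascripts.JSMin')` call that used to load the class is removed. Nothing visible in this diff shows JSMin being moved into that namespace or imported, so unless it is declared there and autoloadable the call will fail at runtime; if it is still a global class the line should read `return \JSMin::minify($code);`. The same check that produced `\Exception` in the second hunk should be applied to any other global class names in the parts of the file outside these hunks.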
@@ -0,0 +1,57 @@
+<?php
+/**
+ * TComponent, TPropertyValue classes
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ *
+ * Global Events, intra-object events, Class behaviors, expanded behaviors
+ * @author Brad Anderson <javalizard@mac.com>
+ *
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package Prado\Web\Javascripts
+ */
+
+namespace Prado\Web\Javascripts;
+
+/**
+ * TJavaScriptLiteral class that encloses string literals that are not
+ * supposed to be escaped by {@link TJavaScript::encode() }
+ *
+ * Since Prado 3.2 all the data that gets sent clientside inside a javascript statement
+ * is encoded by default to avoid any kind of injection.
+ * Sometimes there's the need to bypass this encoding and send raw javascript code.
+ * To ensure that a string doesn't get encoded by {@link TJavaScript::encode() },
+ * construct a new TJavaScriptLiteral:
+ * <code>
+ * // a javascript test string
+ * $js="alert('hello')";
+ * // the string in $raw will not be encoded when sent clientside inside a javascript block
+ * $raw=new TJavaScriptLiteral($js);
+ * // shortened form
+ * $raw=_js($js);
+ * </code>
+ *
+ * @package Prado\Web\Javascripts
+ * @since 3.2.0
+ */
+class TJavaScriptLiteral
+{
+ protected $_s;
+
+ public function __construct($s)
+ {
+ $this->_s = $s;
+ }
+
+ public function __toString()
+ {
+ return (string)$this->_s;
+ }
+
+ public function toJavaScriptLiteral()
+ {
+ return $this->__toString();
+ }
+}
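Review bot: The class docblock of TJavaScriptLiteral explains how to bypass `TJavaScript::encode()` but never states that the wrapped string must be trusted, even though `__toString()` and `toJavaScriptLiteral()` return `$_s` unchanged. By the docblock's own description the value is sent to the client unencoded inside a script block, so a request-derived string passed to the constructor would defeat the default encoding. I would add to the class docblock: ` * Never wrap request-derived or otherwise untrusted data: the string is emitted verbatim as script.` The `_js()` shorthand used in the example is not defined anywhere in this diff, so the example should say where it comes from. The file header `TComponent, TPropertyValue classes` looks copied from another file, and the constructor and both methods have no docblocks.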
\ No newline at end of file
diff --git a/framework/Web/Javascripts/TJavaScriptString.php b/framework/Web/Javascripts/TJavaScriptString.php
new file mode 100644
index 00000000..826ea28f
--- /dev/null
+++ b/framework/Web/Javascripts/TJavaScriptString.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * TComponent, TPropertyValue classes
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ *
+ * Global Events, intra-object events, Class behaviors, expanded behaviors
+ * @author Brad Anderson <javalizard@mac.com>
+ *
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright © 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package Prado\Web\Javascripts
+ */
+
+namespace Prado\Web\Javascripts;
+
+/**
+ * TJavaScriptString class is an internal class that marks strings that will be
+ * forcibly encoded when rendered inside a javascript block
+ *
+ * @package Prado\Web\Javascripts
+ * @since 3.2.0
+ */
+class TJavaScriptString extends TJavaScriptLiteral
+{
+ public function toJavaScriptLiteral()
+ {
+ return TJavaScript::jsonEncode((string)$this->_s,JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG);
+ }
+}
\ No newline at end of file |
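Review bot: `TJavaScriptString::toJavaScriptLiteral()` escapes quotes and angle brackets but not `&`, because the flag set passed to `TJavaScript::jsonEncode()` omits `JSON_HEX_AMP`. If one of these strings is ever rendered where the markup parser decodes entities before the script runs (an inline event-handler attribute, or XHTML served as XML), the data would be altered before the JavaScript engine sees it; whether Prado renders into such contexts is not visible in this diff. Adding the flag closes that gap: `return TJavaScript::jsonEncode((string)$this->_s, JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG | JSON_HEX_AMP);`. The docblock calls the class internal, so it should carry an `@internal` tag, and the file header `TComponent, TPropertyValue classes` looks copied from another file.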