From a3f64a4214fe0ae29ecea298542a15c6a0071a45 Mon Sep 17 00:00:00 2001 From: "ctrlaltca@gmail.com" <> Date: Sun, 25 Mar 2012 20:51:49 +0000 Subject: Reworked the patch for #391; now a TComponent-based controls can contain methods prefixed by "js" to indicate that those methods can receive raw javascript. Such methods can be called both in a xss-safe, javascript-encoded way: $xxx->Property="yyy" and in a raw-javascript way: $xxx->jsProperty="zzz". Patch by gabor, documentation is on the way --- framework/Web/Javascripts/TJavaScript.php | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) (limited to 'framework/Web/Javascripts/TJavaScript.php') diff --git a/framework/Web/Javascripts/TJavaScript.php b/framework/Web/Javascripts/TJavaScript.php index 468182d2..8c7c865b 100644 --- a/framework/Web/Javascripts/TJavaScript.php +++ b/framework/Web/Javascripts/TJavaScript.php @@ -198,7 +198,7 @@ class TJavaScript } else if(is_object($value)) if ($value instanceof TJavaScriptLiteral) - return preg_replace('/^\s*javascript:/', '', $value); + return $value->toJavaScriptLiteral(); else return self::encode(get_object_vars($value),$toMap); else if($value===null) @@ -281,23 +281,3 @@ class TJavaScript } } -/** - * TJavaScriptLiteral class that encloses string literals that are not - * supposed to be escaped by TJavaScript::encode() - * - */ -class TJavaScriptLiteral -{ - private $_s; - - public function __construct($s) - { - $this->_s = $s; - } - - public function __toString() - { - return $this->_s; - } -} - -- cgit v1.2.3