blob: f1b677095ec3b00d8fe318337dc8b70abbf30b32 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<?php
/**
* TComponent, TPropertyValue classes
*
* @author Qiang Xue <qiang.xue@gmail.com>
*
* Global Events, intra-object events, Class behaviors, expanded behaviors
* @author Brad Anderson <javalizard@mac.com>
*
* @link http://www.pradosoft.com/
* @copyright Copyright © 2005-2014 PradoSoft
* @license http://www.pradosoft.com/license/
* @package Prado\Web\Javascripts
*/
namespace Prado\Web\Javascripts;
/**
* TJavaScriptLiteral class that encloses string literals that are not
* supposed to be escaped by {@link TJavaScript::encode() }
*
* Since Prado 3.2 all the data that gets sent clientside inside a javascript statement
* is encoded by default to avoid any kind of injection.
* Sometimes there's the need to bypass this encoding and send raw javascript code.
* To ensure that a string doesn't get encoded by {@link TJavaScript::encode() },
* construct a new TJavaScriptLiteral:
* <code>
* // a javascript test string
* $js="alert('hello')";
* // the string in $raw will not be encoded when sent clientside inside a javascript block
* $raw=new TJavaScriptLiteral($js);
* // shortened form
* $raw=_js($js);
* </code>
*
* @package Prado\Web\Javascripts
* @since 3.2.0
*/
class TJavaScriptLiteral
{
protected $_s;
public function __construct($s)
{
$this->_s = $s;
}
public function __toString()
{
return (string)$this->_s;
}
public function toJavaScriptLiteral()
{
return $this->__toString();
}
}
|