Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#5971 closed defect (fixed)

"plugin" style addition and quotes in elements failing

Reported by: mendoza@…
Owned by: gregmac
Priority: normal
Component: DuplicateTicketSearchPlugin
Severity: normal
Keywords:
Cc:
Trac Release: 0.11

Description

Hi, I didn't know where to send this, but after installing this "plugin", I got an error with descriptions of tickets containing a ".

Fixed like this:

    for (var i = 0; i < tickets.length && i < maxTickets; i++) {
        var ticket = tickets[i];
        // Escape double quotes so the description cannot terminate the title attribute
        html += '<li title="' + ticket.description.replace(/"/g, "&quot;") + '">' +
                '<a href="' + ticketBaseHref + ticket.ticket + '"><span class="' + ticket.status + '">#' + ticket.ticket + '</span></a>: ' +
                ticket.type + ': ' + ticket.summary + '(' + ticket.status + (ticket.resolution ? ': ' + ticket.resolution : '') + ')' +
                '</li>';
    }

Not the cleanest ever, but you get the point I guess (" in title attribute).

Also to run this as a plugin, I did something like this:

/var/www/trac/plugins/duplicateticketsearch.py:

"""
DuplicateTicketSearch:
a plugin for Trac
http://trac.edgewall.org
"""

from genshi.filters.transform import Transformer

from pkg_resources import resource_filename

from trac.core import *
from trac.mimeview import Context
from trac.web.api import ITemplateStreamFilter
from trac.web.chrome import add_script
from trac.web.chrome import add_stylesheet
from trac.web.chrome import ITemplateProvider

class DuplicateTicketSearch(Component):

    implements(ITemplateStreamFilter, ITemplateProvider)

    ### method for ITemplateStreamFilter

    def filter_stream(self, req, method, filename, stream, data):
        """Filter a Genshi event stream prior to rendering."""
        if filename.endswith('ticket.html'):
            # Attach the plugin's stylesheet and script to ticket pages only
            add_stylesheet(req, 'duplicateticketsearch/css/tracDupeSearch.css')
            add_script(req, 'duplicateticketsearch/js/tracDupeSearch.js')
        return stream

    ### methods for ITemplateProvider

    def get_htdocs_dirs(self):
        return [('duplicateticketsearch', resource_filename(__name__, 'htdocs'))]


    def get_templates_dirs(self):
        """Return a list of directories containing the provided template
        files.
        """
        return []

and then copied the .js and .css file to /var/www/trac/plugins/htdocs/js and /var/www/trac/plugins/htdocs/css

Not optimal, but a step closer I guess ;)

Attachments (0)

Change History (5)

comment:1 Changed 5 years ago by gregmac

  • Resolution set to fixed
  • Status changed from new to closed

(In [6720]) Fix #5971

comment:2 Changed 5 years ago by gregmac

Trac-plugin ticket moved to #5974

comment:3 follow-up: Changed 5 years ago by mendoza@…

Thanks!

Just a comment to my fix, glad it was made a bit cleaner, but thinking of it, I think (also to be XHTML compliant), one should probably escape &, ", ', < and > (&amp; &quot; &apos; &lt; &gt;).

maybe something like:

function html_attr_escape(str) {
    var escape_table = {
        "'": '&apos;',
        '"': '&quot;',
        '<': '&lt;',
        '>': '&gt;',
        '&': '&amp;'
    };

    /* build array to use as pattern by joining with '|' */
    var escape_ary = [];
    for (var key in escape_table) { escape_ary.push(key); }
    var escape_pattern = new RegExp( escape_ary.join('|'), 'gm' );

    return str.replace(escape_pattern, function(w) { return escape_table[w]; });
}

comment:4 in reply to: ↑ 3 Changed 5 years ago by anonymous

function html_attr_escape(str) {
    var escape_table = {
       "'": '&apos;',
       '"': '&quot;',
       '<': '&lt;',
       '>': '&gt;',
       '&': '&amp;'
    }
 
    /* build array to use as pattern by joining with '|' */
    var escape_ary = [];
    for (var key in escape_table) { escape_ary.push(key); }
    var escape_pattern = new RegExp( escape_ary.join('|'), 'gm' );
 
    return str.replace(escape_pattern, function(w) { return escape_table[w]; });
}

comment:5 Changed 5 years ago by gregmac

I didn't include single quotes (apostrophe) but agreed, it would be better. The rest of the stuff is taken care of by the jQuery trick:

$('<div/>').text('testing < with > various & elements " etc \' blah').html()

comes out as:

testing &lt; with &gt; various &amp; elements " etc ' blah

whereas:

$('<div/>').text('testing < with > various & elements " etc \' blah').html().replace(/"/g, '&quot;').replace(/'/g, '&apos;');

goes to:

"testing &lt; with &gt; various &amp; elements &quot; etc &apos; blah"

added in r6726
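
An added example, not code from this ticket or from the plugin: the list item from the description built with every interpolated ticket field escaped in a single pass, not only the double quotes in the description. The names `escapeHtml`, `renderTicketItem` and `sampleTicket` and the sample values are assumptions made for illustration.

```javascript
// Added example; escapeHtml, renderTicketItem and sampleTicket are hypothetical names.
// '&#39;' is used for the apostrophe because '&apos;' is not defined in HTML 4.
var ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the input: the '&' of an entity emitted for one character
// is never seen again, so nothing gets escaped twice.
function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, function (ch) { return ESCAPES[ch]; });
}

// Build one search-result <li>. Every ticket field is treated as untrusted
// text, whether it lands in an attribute value or in element content.
function renderTicketItem(ticketBaseHref, ticket) {
    var state = ticket.status + (ticket.resolution ? ': ' + ticket.resolution : '');
    var href = ticketBaseHref + encodeURIComponent(ticket.ticket);
    return '<li title="' + escapeHtml(ticket.description) + '">' +
        '<a href="' + escapeHtml(href) + '">' +
        '<span class="' + escapeHtml(ticket.status) + '">#' + escapeHtml(ticket.ticket) + '</span></a>: ' +
        escapeHtml(ticket.type) + ': ' + escapeHtml(ticket.summary) +
        ' (' + escapeHtml(state) + ')</li>';
}

// Constructed sample input, not data from a real Trac instance.
var sampleTicket = {
    ticket: 5971,
    type: 'defect',
    status: 'closed',
    resolution: 'fixed',
    summary: 'quotes in <elements> failing',
    description: 'breaks on " and & chars'
};

function renderSample() {
    return renderTicketItem('/ticket/', sampleTicket);
}
```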
