Modify

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#5971 closed defect (fixed)

"plugin" style addition and quotes in elements failing

Reported by: mendoza@… Owned by: gregmac
Priority: normal Component: DuplicateTicketSearchPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Hi, Didn't know where to send this, but after installing this "plugin". I got an error with descriptions of tickets containing a ".

Fixed like this:

						for (var i = 0; i < tickets.length && i < maxTickets; i++) {
							var ticket = tickets[i];
							html += '<li title="' + ticket.description.replace(/"/g,"&quot;") + '"><
a href="' + ticketBaseHref + ticket.ticket + '"><span class="' + ticket.status + '">#' + ticket.ticket + '</span></a>: ' +
							        ticket.type + ': ' + ticket.summary + '(' + ticket.status + (ticket.resolution ? ': ' + ticket.resolution : '') + ')' +
							        '</li>'
					}

Not the cleanest ever, but you get the point I guess (" in title attribute).

Also to run this as a plugin, I did something like this:

/var/www/trac/plugins/duplicateticketsearch.py:

"""
DuplicateTicketSearch:
a plugin for Trac
http://trac.edgewall.org
"""

from genshi.filters.transform import Transformer

from pkg_resources import resource_filename

from trac.core import *
from trac.mimeview import Context
from trac.web.api import ITemplateStreamFilter
from trac.web.chrome import add_script
from trac.web.chrome import add_stylesheet
from trac.web.chrome import ITemplateProvider

class DuplicateTicketSearch(Component):

    implements(ITemplateStreamFilter, ITemplateProvider)

    ### method for ITemplateStreamFilter

    """Filter a Genshi event stream prior to rendering."""

    def filter_stream(self, req, method, filename, stream, data):
        if filename.endswith('ticket.html'):

            add_stylesheet(req, 'duplicateticketsearch/css/tracDupeSearch.css')
            add_script(req, 'duplicateticketsearch/js/tracDupeSearch.js')
        return stream

    ### methods for ITemplateProvider

    def get_htdocs_dirs(self):
        return [('duplicateticketsearch', resource_filename(__name__, 'htdocs'))]


    def get_templates_dirs(self):
        """Return a list of directories containing the provided template
        files.
        """
        return []

and then copied the .js and .css file to /var/www/trac/plugins/htdocs/js and /var/www/trac/plugins/htdocs/css

Not optimal, but a step closer I guess ;)

Attachments (0)

Change History (5)

comment:1 Changed 8 years ago by gregmac

Resolution: fixed
Status: newclosed

(In [6720]) Fix #5971

comment:2 Changed 8 years ago by gregmac

Trac-plugin ticket moved to #5974

comment:3 Changed 8 years ago by mendoza@…

Thanks!

Just a comment to my fix, glad it was made a bit cleaner, but thinking of it, I think (also to be XHTML compliant), one should probably escape &,",',< and > (&amp; &quot; &apos; &lt; &gt).

maybe something like:

function html_attr_escape(str) {

var escape_table = {

"'": '&apos;', '"': '&quot;', '<': '&lt;', '>': '&gt;', '&': '&amp;'

}

/* build array to use as pattern by joining with '|' */ var escape_ary = []; for (var key in escape_table) { escape_pattern.push(key); } var escape_pattern = new RegExp( escape_ary.join('|'), 'gm' );

return str.replace(escape_pattern, function(w) { return escape_table[w]; });

}

comment:4 in reply to:  3 Changed 8 years ago by anonymous

function html_attr_escape(str) {
    var escape_table = {
       "'": '&apos;',
       '"': '&quot;',
       '<': '&lt;',
       '>': '&gt;',
       '&': '&amp;'
    }
 
    /* build array to use as pattern by joining with '|' */
    var escape_ary = [];
    for (var key in escape_table) { escape_pattern.push(key); }
    var escape_pattern = new RegExp( escape_ary.join('|'), 'gm' );
 
    return str.replace(escape_pattern, function(w) { return escape_table[w]; });
}

comment:5 Changed 8 years ago by gregmac

I didn't include single quotes (apostrophe) but agreed, it would be better. The rest of the stuff is taken care of by the jquery trick:

$('<div/>').text('testing < with > various & elements " etc \' blah').html()

comes out as:

testing &lt; with &gt; various &amp; elements " etc ' blah

where as:

$('<div/>').text('testing < with > various & elements " etc \' blah').html().replace(/"/g, '&quot;').replace(/'/g, '&apos;');

goes to:

"testing &lt; with &gt; various &amp; elements &quot; etc &apos; blah"

added in r6726

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain gregmac.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.