[mythtv] [PATCH] Server Status Episode Descriptions

Dave Weisbeck davemw at shaw.ca
Sun Nov 9 12:09:03 EST 2003


I don't think this is right.

What you originally had was a partial JavaScript (JS) and HTML encoder
custom function. What you switched to was a URL encoder (e.g. space = %20).
The only place I see you using some escaping below is the description that
goes into a JS function. JS has the same escaping rules as C essentially, so
you need to watch out for quotes especially (as they can terminate the given
string at a funny place causing errors) and depending also the usual
suspects of backslashes, newlines, etc.

I think technically your first version would have worked as it would have
been JS safe, and you do a document.write with the text which is smart
enough to "decode" things like &. Given document.write already is smart
enough to handle the special HTML characters of <,",>,&,...all you really
need is to JS escape the description. So take your original escape function
and remove the gt, lt and amp cases and switch the quot case to do the same
thing as the single quote case and I think you are good to go.

- Dave


----- Original Message ----- 
From: "Brett Lucey" <brett at happykoala.com>
To: "Development of mythtv" <mythtv-dev at mythtv.org>
Sent: Sunday, November 09, 2003 1:30 AM
Subject: Re: [mythtv] [PATCH] Server Status Episode Descriptions


>
> Ok...  that was much easier than I suspected, so sorry for firing off two
> emails to the list in such a short time...  here's the patch reworked:
>
> -Brett
>
>
> Index: programs/mythbackend/mainserver.cpp
> ===================================================================
> RCS file: /var/lib/mythcvs/mythtv/programs/mythbackend/mainserver.cpp,v
> retrieving revision 1.88
> diff -u -r1.88 mainserver.cpp
> --- programs/mythbackend/mainserver.cpp 1 Nov 2003 18:08:35 -0000
1.88
> +++ programs/mythbackend/mainserver.cpp 9 Nov 2003 09:31:28 -0000
> @@ -2447,10 +2447,20 @@
>      }
>      else
>      {
> +
>         os << "<P>The next " << iNum << " show" << (iNum == 1 ? "" : "s" )
>            << " that " << (iNum == 1 ? "is" : "are")
>            << " scheduled for recording:<BR>\r\n";
>
> +       os << "<Script language=JavaScript>";
> +       os << "function dispDesc(txt) {\r\n";
> +       os << "wnd=window.open(\"\", \"min\",\"width=250 height=180\");";
> +       os << "wnd.document.write(\"<font face=helvetica size=-1>\");";
> +       os << "wnd.document.write(txt);";
> +       os << "wnd.document.write(\"</font>\");";
> +       os << "}";
> +       os << "</script>";
> +
>         os << "<TABLE BORDER WIDTH=80%>\r\n";
>         os << "<TR><TH>Start
> Time</TH><TH>Show</TH><TH>Encoder</TH></TR>\r\n";
>         list<ProgramInfo *>::iterator iter = recordinglist->begin();
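Review bot: wnd.document.write(txt) in dispDesc hands the description to the popup as markup, so any "<", "&" or tag text in an episode description is parsed as HTML there instead of being shown as text; HTML-escape txt before writing it, or escape it on the server before it goes into the link. Two smaller points in the same function: the feature string "width=250 height=180" has no comma between the two settings, and wnd is assigned without var, which makes it a global. The popup document is also never closed after the last write; a wnd.document.close() after the "</font>" line would finish it.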
> @@ -2464,10 +2474,14 @@
>             }
>             else
>             {
> +               QString qstrDescription = (*iter)->description;
> +               QUrl::encode(qstrDescription);
>                 os << "<TR " << ((i % 2 == 0) ? "BGCOLOR=EEEEEE" : "") <<
> ">"
>                    << "<TD>" <<
((*iter)->startts).toString(shortdateformat)
>                    << " " << ((*iter)->startts).toString(timeformat) <<
> "</TD>"
> -                  << "<TD>" << (*iter)->title << "</TD>"
> +                  << "<TD>" << "<a href=\"javascript:dispDesc('" <<
> +                        qstrDescription << "')\">"
> +                  << (*iter)->title << "</a></TD>"
>                    << "<TD>" << (*iter)->cardid << "</TD></TR>\r\n";
>             }
>         }
>
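Review bot: QUrl::encode is the wrong encoder for where qstrDescription ends up. On the added line << "<TD>" << "<a href=\"javascript:dispDesc('" << the value sits inside a single-quoted JavaScript string, inside a javascript: URL, inside a double-quoted HTML attribute. Percent-encoding is undone when the browser evaluates a javascript: URL, so a quote, backslash or newline in the description still reaches the '...' literal as itself and ends or breaks the string. Use JavaScript string escaping for the description here (and make sure a double quote cannot close the href attribute). Separately, (*iter)->title is written between <a> and </a> without any HTML escaping; that was already the case on the removed line, but it is worth fixing while this line is being touched.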
> _______________________________________________
> mythtv-dev mailing list
> mythtv-dev at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-dev
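
The escaping discussed in this thread, as an added example that is not code from the thread or from MythTV. It uses std::string in place of QString, and the helper names htmlEscape, jsStringEscape and descriptionLink are hypothetical. It escapes the description once for the document.write sink and once for the quoted JavaScript string in the href.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Innermost layer: document.write() parses its argument as HTML, so the
// text must be HTML-escaped if it is to be displayed rather than interpreted.
std::string htmlEscape(const std::string &in)
{
    std::string out;
    for (char c : in) {
        switch (c) {
        case '&':  out += "&amp;";  break;
        case '<':  out += "&lt;";   break;
        case '>':  out += "&gt;";   break;
        case '"':  out += "&quot;"; break;
        case '\'': out += "&#39;";  break;
        default:   out += c;
        }
    }
    return out;
}

// Outer layers: a JS string literal inside a javascript: URL inside an HTML
// attribute. Writing every ASCII character except letters, digits and space
// as \xHH leaves no quote, backslash, newline, '&' or '%' for any of those
// three parsers to act on. Bytes >= 0x80 (UTF-8) pass through unchanged.
std::string jsStringEscape(const std::string &in)
{
    std::string out;
    for (unsigned char c : in) {
        bool plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                     (c >= '0' && c <= '9') || c == ' ' || c >= 0x80;
        if (plain) { out += static_cast<char>(c); continue; }
        char buf[5];
        std::snprintf(buf, sizeof buf, "\\x%02x", static_cast<unsigned>(c));
        out += buf;
    }
    return out;
}

// Builds the table link from the patch with both layers applied.
std::string descriptionLink(const std::string &title, const std::string &desc)
{
    return "<a href=\"javascript:dispDesc('" + jsStringEscape(htmlEscape(desc)) +
           "')\">" + htmlEscape(title) + "</a>";
}

int main()
{
    // Constructed sample title and description, not real listings data.
    std::cout << descriptionLink("News & Weather",
                                 "It's 100% \"live\" <b>tonight</b>\n") << "\n";
}
```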
