[mythtv] [PATCH] Server Status Episode Descriptions

Brett Lucey brett at happykoala.com
Sun Nov 9 12:51:19 EST 2003


Logically, what you're saying does make some sense, however I can testify to
the fact that it works perfectly :)

I've (temoporarily) opened my firewall up so you can check it out if you
want:  I believe the reason it works is that the onClick() event is treated
like a URL.  I will try and check this will browsers other than IE to make
sure that it will be compatible.

As far as the single and double quotes go, those are translated to % codes
by QUrl, so those are a nonissue in this method as well.

http://folken.happykoala.com:6544/

-Brett

----- Original Message ----- 
From: "Dave Weisbeck" <davemw at shaw.ca>
To: "Development of mythtv" <mythtv-dev at mythtv.org>
Sent: Sunday, November 09, 2003 12:09 PM
Subject: Re: [mythtv] [PATCH] Server Status Episode Descriptions


>
> I don't think this is right.
>
> What you originally had was a partial JavaScript (JS) and HTML encoder
> custom function. What you switched to was a URL encoder (e.g. space =
%20).
> The only place I see you using some escaping below is the description that
> goes into a JS function. JS has the same escaping rules as C essentially,
so
> you need to watch out for quotes especially (as they can terminate the
given
> string as a funny place causing errors) and depending also the usual
> suspects of backslashes, newlines, etc.
>
> I think technically your first version would have worked as it would have
> been JS safe, and you do a document.write with the text which is smart
> enough to "decode" things like &amp;. Given document.write already is
smart
> enough to handle the special HTML characters of <,",>,&,...all you really
> need is to JS escape the description. So take your original escape
function
> and remove the gt, lt and amp cases and switch the quot case to do the
same
> thing as the single quote case and I think you are good to go.
>
> - Dave



More information about the mythtv-dev mailing list