[mythtv] [PATCH] Server Status Episode Descriptions
Dave Weisbeck
davemw at shaw.ca
Sun Nov 9 14:01:56 EST 2003
OK, we are both wrong. =)
It seems you are right about the onClick wanting URL encoded strings. What
is below should prove what is the right way to make it work in all cases:
<html>
<body>
<script>
function dispDesc(txt) {
wnd=window.open("", "min","width=250 height=180");
wnd.document.write("<font face=helvetica size=-1>");
wnd.document.write(txt);
wnd.document.write("</font>");
}
function jsEscape(txt) {
var retval = "";
for (i=0; i<txt.length; i++) {
if(txt.charAt(i) == '\'')
retval += "\\\'";
else if (txt.charAt(i) == '\"')
retval += "\\\"";
else if (txt.charAt(i) == '\\')
retval += "\\\\";
else
retval += txt.charAt(i);
}
return retval;
}
var Desc = 'Pilot episode of "Bob\'s Show"';
var encDesc = escape(Desc);
var jEsc = jsEscape(Desc);
var jUrlEsc = escape(jEsc);
document.write("Unencoded: "+Desc+"<br>");
document.write("URLEncoded: "+encDesc+"<br>");
document.write("JSEncoded: "+jEsc+"<br>");
document.write("JS then URL encoded: "+jUrlEsc+"<br>");
</script>
<p>
<a href=JavaScript:dispDesc('Pilot episode of "Bob\'s Show')>JS
Encoded</a><br>
<a
href=JavaScript:dispDesc('Pilot%20episode%20of%20%22Bob%27s%20Show%22')>URL
Encoded</a><br>
<a
href=JavaScript:dispDesc('Pilot%20episode%20of%20%5C%22Bob%5C%27s%20Show%5C%
22')>JS Encoded then URL Encoded</a><br>
</body>
</html>
- Dave
----- Original Message -----
From: "Brett Lucey" <brett at happykoala.com>
To: "Development of mythtv" <mythtv-dev at mythtv.org>
Sent: Sunday, November 09, 2003 9:51 AM
Subject: Re: [mythtv] [PATCH] Server Status Episode Descriptions
>
> Logically, what you're saying does make some sense, however I can testify
to
> the fact that it works perfectly :)
>
> I've (temoporarily) opened my firewall up so you can check it out if you
> want: I believe the reason it works is that the onClick() event is
treated
> like a URL. I will try and check this will browsers other than IE to make
> sure that it will be compatible.
>
> As far as the single and double quotes go, those are translated to % codes
> by QUrl, so those are a nonissue in this method as well.
>
> http://folken.happykoala.com:6544/
>
> -Brett
>
> ----- Original Message -----
> From: "Dave Weisbeck" <davemw at shaw.ca>
> To: "Development of mythtv" <mythtv-dev at mythtv.org>
> Sent: Sunday, November 09, 2003 12:09 PM
> Subject: Re: [mythtv] [PATCH] Server Status Episode Descriptions
>
>
> >
> > I don't think this is right.
> >
> > What you originally had was a partial JavaScript (JS) and HTML encoder
> > custom function. What you switched to was a URL encoder (e.g. space =
> %20).
> > The only place I see you using some escaping below is the description
that
> > goes into a JS function. JS has the same escaping rules as C
essentially,
> so
> > you need to watch out for quotes especially (as they can terminate the
> given
> > string as a funny place causing errors) and depending also the usual
> > suspects of backslashes, newlines, etc.
> >
> > I think technically your first version would have worked as it would
have
> > been JS safe, and you do a document.write with the text which is smart
> > enough to "decode" things like &. Given document.write already is
> smart
> > enough to handle the special HTML characters of <,",>,&,...all you
really
> > need is to JS escape the description. So take your original escape
> function
> > and remove the gt, lt and amp cases and switch the quot case to do the
> same
> > thing as the single quote case and I think you are good to go.
> >
> > - Dave
>
> _______________________________________________
> mythtv-dev mailing list
> mythtv-dev at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-dev
More information about the mythtv-dev
mailing list