summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2010-06-24 16:53:43 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-06-24 16:53:43 +0000
commitead517e9c72a264e048f086999b16d4cfd801da2 (patch)
treeae17131d082edd5b4d58c5fb8fe3d29be3301037 /share
parent9a8c496a787bdef6eb0af2ded243d2bb209503d5 (diff)
proper docid escaping in Futon view display, thanks Paul Bonser. Closes COUCHDB-748
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@957622 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share')
-rw-r--r--share/www/script/futon.browse.js8
-rw-r--r--share/www/script/futon.format.js17
2 files changed, 12 insertions, 13 deletions
diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js
index 83f29033..354a6a60 100644
--- a/share/www/script/futon.browse.js
+++ b/share/www/script/futon.browse.js
@@ -152,7 +152,7 @@
page.viewName.indexOf("/_view"));
db.compactView(groupname, {success: function(resp) { callback() }});
break;
- case "view_cleanup":
+ case "view_cleanup":
db.viewCleanup({success: function(resp) { callback() }});
break;
}
@@ -178,7 +178,7 @@
}
});
}
-
+
this.databaseSecurity = function() {
$.showDialog("dialog/_database_security.html", {
load : function(d) {
@@ -672,7 +672,7 @@
if (row.id) {
$("<td class='key'><a href='document.html?" + encodeURIComponent(db.name) +
"/" + $.couch.encodeDocId(row.id) + "'><strong></strong><br>" +
- "<span class='docid'>ID:&nbsp;" + row.id + "</span></a></td>")
+ "<span class='docid'>ID:&nbsp;" + $.futon.escape(row.id) + "</span></a></td>")
.find("strong").text(key).end()
.appendTo(tr);
} else {
@@ -851,7 +851,7 @@
return true;
} catch (err) {
var msg = err.message;
- if (msg == "parseJSON" || msg == "JSON.parse") {
+ if (msg == "parseJSON" || msg == "JSON.parse") {
msg = "There is a syntax error in the document.";
}
$("<div class='error'></div>").text(msg).appendTo(this);
diff --git a/share/www/script/futon.format.js b/share/www/script/futon.format.js
index e2eb0593..0d536e36 100644
--- a/share/www/script/futon.format.js
+++ b/share/www/script/futon.format.js
@@ -13,6 +13,11 @@
(function($) {
$.futon = $.futon || {};
$.extend($.futon, {
+ escape: function(string) {
+ return string.replace(/&/g, "&amp;")
+ .replace(/</g, "&lt;")
+ .replace(/>/g, "&gt;");
+ },
// JSON pretty printing
formatJSON: function(val, options) {
@@ -24,12 +29,6 @@
}, options || {});
var itemsep = options.linesep.length ? "," + options.linesep : ", ";
- function escape(string) {
- return string.replace(/&/g, "&amp;")
- .replace(/</g, "&lt;")
- .replace(/>/g, "&gt;");
- }
-
function format(val, depth) {
var tab = [];
for (var i = 0; i < options.indent * depth; i++) tab.push("");
@@ -45,7 +44,7 @@
retval = indentLines(retval.replace(/\r\n/g, "\n"), tab.substr(options.indent));
} else {
if (options.html) {
- retval = escape(JSON.stringify(val));
+ retval = $.futon.escape(JSON.stringify(val));
} else {
retval = JSON.stringify(val);
}
@@ -92,7 +91,7 @@
if (options.quoteKeys) {
keyDisplay = keyDisplay.substr(1, keyDisplay.length - 2);
}
- keyDisplay = "<code class='key'>" + escape(keyDisplay) + "</code>";
+ keyDisplay = "<code class='key'>" + $.futon.escape(keyDisplay) + "</code>";
if (options.quoteKeys) {
keyDisplay = '"' + keyDisplay + '"';
}
@@ -118,7 +117,7 @@
function indentLines(text, tab) {
var lines = text.split("\n");
for (var i in lines) {
- lines[i] = (i > 0 ? tab : "") + escape(lines[i]);
+ lines[i] = (i > 0 ? tab : "") + $.futon.escape(lines[i]);
}
return lines.join("<br>");
}