From ead517e9c72a264e048f086999b16d4cfd801da2 Mon Sep 17 00:00:00 2001 From: John Christopher Anderson Date: Thu, 24 Jun 2010 16:53:43 +0000 Subject: proper docid escaping in Futon view display, thanks Paul Bonser. Closes COUCHDB-748 git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@957622 13f79535-47bb-0310-9956-ffa450edef68 --- THANKS | 1 + share/www/script/futon.browse.js | 8 ++++---- share/www/script/futon.format.js | 17 ++++++++--------- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/THANKS b/THANKS index 754a2e8f..7ed26d0e 100644 --- a/THANKS +++ b/THANKS @@ -62,5 +62,6 @@ suggesting improvements or submitting changes. Some of these people are: * Dmitry Unkovsky * Zachary Zolton * Brian Jenkins + * Paul Bonser For a list of authors see the `AUTHORS` file. diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js index 83f29033..354a6a60 100644 --- a/share/www/script/futon.browse.js +++ b/share/www/script/futon.browse.js @@ -152,7 +152,7 @@ page.viewName.indexOf("/_view")); db.compactView(groupname, {success: function(resp) { callback() }}); break; - case "view_cleanup": + case "view_cleanup": db.viewCleanup({success: function(resp) { callback() }}); break; } @@ -178,7 +178,7 @@ } }); } - + this.databaseSecurity = function() { $.showDialog("dialog/_database_security.html", { load : function(d) { @@ -672,7 +672,7 @@ if (row.id) { $("
" + - "ID: " + row.id + "") + "ID: " + $.futon.escape(row.id) + "") .find("strong").text(key).end() .appendTo(tr); } else { @@ -851,7 +851,7 @@ return true; } catch (err) { var msg = err.message; - if (msg == "parseJSON" || msg == "JSON.parse") { + if (msg == "parseJSON" || msg == "JSON.parse") { msg = "There is a syntax error in the document."; } $("
").text(msg).appendTo(this); diff --git a/share/www/script/futon.format.js b/share/www/script/futon.format.js index e2eb0593..0d536e36 100644 --- a/share/www/script/futon.format.js +++ b/share/www/script/futon.format.js @@ -13,6 +13,11 @@ (function($) { $.futon = $.futon || {}; $.extend($.futon, { + escape: function(string) { + return string.replace(/&/g, "&") + .replace(//g, ">"); + }, // JSON pretty printing formatJSON: function(val, options) { @@ -24,12 +29,6 @@ }, options || {}); var itemsep = options.linesep.length ? "," + options.linesep : ", "; - function escape(string) { - return string.replace(/&/g, "&") - .replace(//g, ">"); - } - function format(val, depth) { var tab = []; for (var i = 0; i < options.indent * depth; i++) tab.push(""); @@ -45,7 +44,7 @@ retval = indentLines(retval.replace(/\r\n/g, "\n"), tab.substr(options.indent)); } else { if (options.html) { - retval = escape(JSON.stringify(val)); + retval = $.futon.escape(JSON.stringify(val)); } else { retval = JSON.stringify(val); } @@ -92,7 +91,7 @@ if (options.quoteKeys) { keyDisplay = keyDisplay.substr(1, keyDisplay.length - 2); } - keyDisplay = "" + escape(keyDisplay) + ""; + keyDisplay = "" + $.futon.escape(keyDisplay) + ""; if (options.quoteKeys) { keyDisplay = '"' + keyDisplay + '"'; } @@ -118,7 +117,7 @@ function indentLines(text, tab) { var lines = text.split("\n"); for (var i in lines) { - lines[i] = (i > 0 ? tab : "") + escape(lines[i]); + lines[i] = (i > 0 ? tab : "") + $.futon.escape(lines[i]); } return lines.join("
"); } -- cgit v1.2.3