public static String getTextInJavaScriptInXhtmlAttribute(String text) throws IOException { StringBuilder xhtml = new StringBuilder(text.length()); encodeTextInJavaScriptInXhtmlAttribute(text, xhtml); return xhtml.toString(); } }
/** * Encodes a single character and returns its String representation * or null if no modification is necessary. Any character that is * not valid in XHTML is encoded to JavaScript \\uxxxx escapes. * " and ' are changed to XHTML entities. */ private static String getEscapedCharacter(char ch) { switch(ch) { // These characters are allowed in JavaScript but need encoded for XHTML case '<': return "<"; case '>': return ">"; case '&': return "&"; case '"': return """; case '\'': return "'"; case '\r': return "
"; case '\n': return "
"; case '\t': return "	"; default: // Escape using JavaScript unicode escape when needed return NewEncodingUtils.getJavaScriptUnicodeEscapeString(ch); } }
out.write(" onclick=\""); encodeJavaScriptInXhtmlAttribute("semanticcms_openfile_servlet.openFile(\"", out); NewEncodingUtils.encodeTextInJavaScriptInXhtmlAttribute(pageRef.getBook().getName(), out); encodeJavaScriptInXhtmlAttribute("\", \"", out); NewEncodingUtils.encodeTextInJavaScriptInXhtmlAttribute(pageRef.getPath(), out); encodeJavaScriptInXhtmlAttribute("\"); return false;", out); out.write('"');
/** * Encodes a single character and returns its String representation * or null if no modification is necessary. */ private static String getEscapedCharacter(char ch) { switch(ch) { case '"': return "\\\""; case '\'': return "\\'"; case '\\': return "\\\\"; case '\b': return "\\b"; case '\f': return "\\f"; case '\r': return "\\r"; case '\n': return "\\n"; case '\t': return "\\t"; // Encode the following as unicode because escape for HTML and XHTML is different case '&': return "\\u0026"; case '<': return "\\u003c"; case '>': return "\\u003e"; default: if(ch<' ') return NewEncodingUtils.getJavaScriptUnicodeEscapeString(ch); // No conversion necessary return null; } }
/** * Encodes a single character and returns its String representation * or null if no modification is necessary. Any character that is * not valid in XHTML, or is '<', '&', or '>' is encoded to * JavaScript \\uxxxx escapes. */ private static String getEscapedCharacter(char ch) { // These characters are allowed in JavaScript but need encoded for XHTML switch(ch) { // ']' Is encoded to avoid potential ]]> encoding CDATA early? // Imagine script with: if(array[array2[index]]>value) { ... } // This didn't work as hoped, just don't use "]]>" in scripts! // TODO: Find a better way that is both HTML and XHTML compatible. // case ']' : return "\\u005d"; // Commented-out because now using CDATA // case '<': return "<"; // case '>': return ">"; // case '&': return "&"; // These character ranges are passed through unmodified case '\r': case '\n': case '\t': case '\\': return null; default: // Escape using JavaScript unicode escape when needed. return NewEncodingUtils.getJavaScriptUnicodeEscapeString(ch); } }