Opened 10 years ago

Closed 10 years ago

#14784 closed defect (fixed)

_FormWidget and MappedTextBox replace ' with " in name attribute

Reported by: Justin Doherty Owned by: bill
Priority: undecided Milestone: 1.8
Component: Dijit - Form Version: 1.7.1
Keywords: Cc:
Blocked By: Blocking:

Description (last modified by Douglas Hays)

I am using Struts2 and Dojo 1.7.1. Struts2 allows population of a Map by setting the name of field to be like: <input ... name="mapName['mapKey']" .../>

Currently in Struts, or more specifically OpenSymphony's xwork library they validate parameter names using the following regex:


Here is the documentation for struts on how to access map values:

My problem here is that _FormWidget and MappedTextBox both replace ' with &quot; for the nameAttrSetting property thus replacing my single quotes with &quot; making my parameter name no longer pass the above mentioned regex.

The code in both _FormWidget.js and MappedTextBox.js make references to however the text in the link does not mention replacing single quote, it talks about replacing double quote with &quot;

I believe the the replacement here is in error and it should be replacing double quote and not single quote.

The lines of code in question are:


line 79: this.valueNode ="<input type='hidden'" + ( ? " name='" +'/g, "&quot;") + "'" : "") + "/>", this.textbox, "after");


line 70: this.nameAttrSetting = ? ('name="' +'/g, "&quot;") + '"') : '';

I tried replacing'/g, "&quot;") with"/g, "&quot;") but found some problems with the resulting dom attributes in firebug so my suggestion would be to change them to:"/g, "&quot;").replace(/'/g, "&#39;")

Attachments (1)

14784.patch (1.4 KB) - added by Douglas Hays 10 years ago.
patch to only escape double quote

Download all attachments as: .zip

Change History (5)

comment:1 Changed 10 years ago by Douglas Hays

Description: modified (diff)
Milestone: tbd1.8
Status: newassigned

Changed 10 years ago by Douglas Hays

Attachment: 14784.patch added

patch to only escape double quote

comment:2 Changed 10 years ago by Douglas Hays

Owner: changed from Douglas Hays to bill

This seems to have been broken by [21865] and [22538]. I don't see a need to escape a single quote at all.

comment:3 Changed 10 years ago by bill

I guess you are right, I'm not sure why I escaped single quotes in those checkins.

comment:4 Changed 10 years ago by bill

Resolution: fixed
Status: assignedclosed

In [27853]:

Fix quote escaping, thanks Doug, fixes #14784, refs #10970, #11442 !strict.

Note: See TracTickets for help on using tickets.