FilteringTable doesn't display non HTML data with HTML escape codes for special characters

[greensun@…]

Version 0.4.1 Rev: 6824

FilteringTable? has some logic within fillCell that checks if the dataType (wh/ becomes sortType) attribute on the div is set to "html", "markup", "date", "number", or "anything else".

I expect that, when I set dataType to "html" (or "markup") the contents would be treated as HTML, which they are. However, I also expected that if I remove dataType from the div, or set it to something like "String" any special HTML characters would NOT be treated as HTML, and instead displayed as actual characters.

By default the FilteringTable? doesn't perform that. This is the change I made to the very last else clause in the fillCell function. It's what gets called when dataType is not html, date, markup, or a number:

else {

cell.innerHTML = val; <-- this was the original line

cell.innerHTML =

val.replace(/&/g, "&amp;").replace(/</g,"&lt;").replace(/>/g, "&gt;");

}

&amp; (ampersand) is the entity representation for &

&lt; (less than) is the entity representation for <

&gt; (greater than) is the entity representation for >

I would recommend putting the replace logic in its own global function.

Also, some widgets by default display "&nbsp;" (non breaking space) as a placeholder for an empty table data tag (<td>). With this change, those non breaking spaces should be removed (change "&nbsp;" to "") and the CSS entry used instead ("empty-cells:show;" -- attach it to the table). The CSS entry should be used regardless, but in this case if datType is not set to "html" or "markup", the & will display as an actual & and the cell will display text that looks like "&nbsp".

[Tom Trenka]

Filtering is dead, long live the king!