View previous topic :: View next topic |
Author |
Message |
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Tue Sep 14, 2010 1:39 pm Post subject: |
|
|
thomaquin wrote: | Is there a way to escape the html entity code for single or doubles quotes using the javascript escape type?
Code: |
$smarty->assign( 'name', 'O'Toole' );
<a href='#' onclick="add( '{ $name|escape:javascript }' );">
|
Results to:
Code: |
<a href='#' onclick="add( 'O'Toole' );">
|
which will surely cause a javascript error. Any help will be greatly appreciated. Thanks. |
How is O'Toole getting resolved to O'Toole ? Smarty won't do that for you. Is your browser doing that? Did you check the js console that is in fact throwing an error? |
|
Back to top |
|
douglassdavis Smarty Junkie
Joined: 21 Jan 2008 Posts: 541
|
Posted: Tue Sep 14, 2010 2:05 pm Post subject: |
|
|
Since that is actually javascript embedded inside of an html tag HTML, try doing:
|escape:'javascript'|escape
You should escape both languages.
Secondly, I'm almost sure you would want to do
Code: |
$smarty->assign( 'name', "O'Toole" );
|
and not
Code: |
$smarty->assign( 'name', "O'Toole" );
|
But, I don't know what you are using that value for, so I can't say for sure. |
|
Back to top |
|
thomaquin Smarty n00b
Joined: 14 Sep 2010 Posts: 2
|
Posted: Tue Sep 14, 2010 2:05 pm Post subject: |
|
|
I'm sorry for not being too exact and verbose.
The data containing the html entity is actually part of an array resultset from a DB query. Like so,
Code: |
$smarty->assign( 'result', $resultset );
<a href="#" onclick="add( '{$result.lastname|escape:javascript}' );">
|
where,
Code: |
$resultset['lastname'] = "O'Toole";
|
Intentionally did not complete the html entity, i.e. missed the semi-colon, since it seems that phpBB transforms it to the corresponding quote.
Although I have already found a solution for this, would just like to know whether there could be a better one.
Solution:
Code: |
<a href="#" onclick="add( '{ $result.lastname|html_entity_decode:$smarty.const.ENT_QUOTES|escape:javascript } );">
|
|
|
Back to top |
|
maarchewa Smarty n00b
Joined: 22 Aug 2011 Posts: 3
|
Posted: Tue Aug 23, 2011 12:18 pm Post subject: |
|
|
When switched from version 3.0.6 to 3.1RC1 escape:'javascript' modifier stopped working:
Code: | <b>Parse error</b>: syntax error, unexpected T_NS_SEPARATOR, expecting ')' in <b>Smarty/sysplugins/smarty_internal_templatebase.php(206) : eval()'d code</b> on line <b>13</b><br /> |
my template looks like this:
Code: |
{$callback}(
{nocache}
{literal}{{/literal}
{foreach $nodes as $nodeName=>$value}"{$nodeName|escape:'javascript'}" : "{$value|escape:'javascript'}"{if not $value@last},{/if}{/foreach}
{literal}}{/literal}
{/nocache}
);
|
string which is passed to eval function:
Code: |
'_jqjsp(
{
<?php $_smarty_tpl->tpl_vars[\'value\'] = new Smarty_Variable;
$_smarty_tpl->tpl_vars[\'nodeName\'] = new Smarty_Variable;
$_from = $_smarty_tpl->tpl_vars[\'nodes\']->value; if (!is_array($_from) && !is_object($_from)) { settype($_from, \'array\');}
$_smarty_tpl->tpl_vars[\'value\']->total= $_smarty_tpl->_count($_from);
$_smarty_tpl->tpl_vars[\'value\']->iteration=0;
if ($_smarty_tpl->tpl_vars[\'value\']->total > 0){
foreach ($_from as $_smarty_tpl->tpl_vars[\'value\']->key => $_smarty_tpl->tpl_vars[\'value\']->value){
$_smarty_tpl->tpl_vars[\'nodeName\']->value = $_smarty_tpl->tpl_vars[\'value\']->key;
$_smarty_tpl->tpl_vars[\'value\']->iteration++;
$_smarty_tpl->tpl_vars[\'value\']->last = $_smarty_tpl->tpl_vars[\'value\']->iteration === $_smarty_tpl->tpl_vars[\'value\']->total;
?>"<?php echo $_smarty_tpl->tpl_vars[\'nodeName\']->value;?>
" : "<?php echo strtr($_smarty_tpl->tpl_vars[\'value\']->value, array("\\" => "\\\\", "\'" => "\\\'", "\\"" => "\\\\"", "\\r" => "\\r", "\\n" => "\\n", "</" => "<\\/" ));?>
"<?php if (!$_smarty_tpl->tpl_vars[\'value\']->last){?>,<?php }?><?php }} ?>}
);'
|
|
|
Back to top |
|
rodneyrehm Administrator
Joined: 30 Mar 2007 Posts: 674 Location: Germany, border to Switzerland
|
Posted: Wed Aug 24, 2011 9:42 am Post subject: |
|
|
please try the 3_1_DEV branch, as I cannot reproduce your problem with that version.
Also, what you're doing here looks much like re-inventing http://php.net/json_encode _________________ Twitter |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Wed Aug 24, 2011 1:48 pm Post subject: |
|
|
You also do not need to do this with 3.x:
Code: | {literal}{{/literal}
...
{literal}}{/literal} |
Just drop the literal tags (and leave auto_literal enabled) |
|
Back to top |
|
rodneyrehm Administrator
Joined: 30 Mar 2007 Posts: 674 Location: Germany, border to Switzerland
|
|
Back to top |
|
qran Smarty n00b
Joined: 25 Nov 2015 Posts: 1
|
Posted: Wed Nov 25, 2015 10:13 pm Post subject: |
|
|
escape:javascript will fail with < /anything> (space between < and /).
$escape_html is great but what with HTML5? Double encode?
Config options for htmlspecialhars @ escape_html will be nice. |
|
Back to top |
|
|