From ca495758bd8bcbea66f00296d36d87f66cd5f4a8 Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Wed, 14 Aug 2013 23:06:43 +0200 Subject: [PATCH 1/2] Fix octemplate string escaping. --- core/js/octemplate.js | 8 ++++---- lib/base.php | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/core/js/octemplate.js b/core/js/octemplate.js index e69c6cc56e0..f7ee316f3b2 100644 --- a/core/js/octemplate.js +++ b/core/js/octemplate.js @@ -60,9 +60,9 @@ var self = this; if(typeof this.options.escapeFunction === 'function') { - for (var key = 0; key < this.vars.length; key++) { - if(typeof this.vars[key] === 'string') { - this.vars[key] = self.options.escapeFunction(this.vars[key]); + for (var key = 0; key < Object.keys(this.vars).length; key++) { + if(typeof this.vars[Object.keys(this.vars)[key]] === 'string') { + this.vars[Object.keys(this.vars)[key]] = self.options.escapeFunction(this.vars[Object.keys(this.vars)[key]]); } } } @@ -85,7 +85,7 @@ } }, options: { - escapeFunction: function(str) {return $('').text(str).html();} + escapeFunction: escapeHTML } }; diff --git a/lib/base.php b/lib/base.php index eaee8424651..18c172759b4 100644 --- a/lib/base.php +++ b/lib/base.php @@ -257,8 +257,8 @@ class OC { OC_Util::addScript("compatibility"); OC_Util::addScript("jquery.ocdialog"); OC_Util::addScript("oc-dialogs"); - OC_Util::addScript("octemplate"); OC_Util::addScript("js"); + OC_Util::addScript("octemplate"); OC_Util::addScript("eventsource"); OC_Util::addScript("config"); //OC_Util::addScript( "multiselect" ); From 776d64f804534eee724a9cd08f6c242002a75ddc Mon Sep 17 00:00:00 2001 From: Thomas Tanghus Date: Wed, 28 Aug 2013 12:50:05 +0200 Subject: [PATCH 2/2] Cache Object.keys(this.vars) --- core/js/octemplate.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/js/octemplate.js b/core/js/octemplate.js index f7ee316f3b2..46ffa976574 100644 --- a/core/js/octemplate.js +++ b/core/js/octemplate.js @@ -60,9 +60,10 @@ var self = this; if(typeof this.options.escapeFunction === 'function') { - for (var key = 0; key < Object.keys(this.vars).length; key++) { - if(typeof this.vars[Object.keys(this.vars)[key]] === 'string') { - this.vars[Object.keys(this.vars)[key]] = self.options.escapeFunction(this.vars[Object.keys(this.vars)[key]]); + var keys = Object.keys(this.vars); + for (var key = 0; key < keys.length; key++) { + if(typeof this.vars[keys[key]] === 'string') { + this.vars[keys[key]] = self.options.escapeFunction(this.vars[keys[key]]); } } }