X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FPresenter%2FEscapedText.pm;h=1c92f6fa9c918cb59ae53e5d09de9cfc3504abc1;hb=f3324b5ad66924333bf2a313974f6d4d21932707;hp=2fc04fdeb80c087f9d98e18e4030b2b906ec909e;hpb=0e5e350124f7eec8f67109fe4777bc2dae6c0ea6;p=kivitendo-erp.git diff --git a/SL/Presenter/EscapedText.pm b/SL/Presenter/EscapedText.pm index 2fc04fdeb..1c92f6fa9 100644 --- a/SL/Presenter/EscapedText.pm +++ b/SL/Presenter/EscapedText.pm @@ -2,14 +2,23 @@ package SL::Presenter::EscapedText; use strict; use Exporter qw(import); +use Scalar::Util qw(looks_like_number); -our @EXPORT_OK = qw(escape is_escaped escape_js); +our @EXPORT_OK = qw(escape is_escaped escape_js escape_js_call); our %EXPORT_TAGS = (ALL => \@EXPORT_OK); use JSON (); use overload '""' => \&escaped_text; +my %html_entities = ( + '<' => '<', + '>' => '>', + '&' => '&', + '"' => '"', + "'" => ''', +); + # static constructors sub new { my ($class, %params) = @_; @@ -17,11 +26,17 @@ sub new { return $params{text} if ref($params{text}) eq $class; my $self = bless {}, $class; - $self->{text} = $params{is_escaped} ? $params{text} : $::locale->quote_special_chars('HTML', $params{text}); + $self->{text} = $params{is_escaped} ? $params{text} : quote_html($params{text}); return $self; } +sub quote_html { + return undef unless defined $_[0]; + (my $x = $_[0]) =~ s/(["'<>&])/$html_entities{$1}/ge; + $x +} + sub escape { __PACKAGE__->new(text => $_[0]); } @@ -40,6 +55,20 @@ sub escape_js { __PACKAGE__->new(text => $text, is_escaped => 1); } +sub escape_js_call { + my ($func, @args) = @_; + + escape( + sprintf "%s(%s)", + escape_js($func), + join ", ", map { + looks_like_number($_) + ? $_ + : '"' . escape_js($_) . '"' + } @args + ); +} + # internal magic sub escaped_text { my ($self) = @_; 
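Review bot: `quote_html` (second hunk) runs its substitution with `/ge`, but the replacement is only a hash lookup, so `/e` is unnecessary; `(my $x = $_[0]) =~ s/(["'<>&])/$html_entities{$1}/g;` gives the same result without evaluating the replacement as Perl code. The five characters it rewrites are enough for element content and quoted attribute values, but not for unquoted attributes, URLs or script bodies, so a comment above the sub should say so: `# Escapes & < > " ' only: safe for element text and quoted attribute values`. The `%html_entities` values in the first hunk appear on this page identical to their keys, which looks like the page decoding the entities rather than the committed text; check them against the repository. `new` begins before this hunk.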
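Review bot: `escape_js_call` (third hunk) runs `$func` through `escape_js` but then emits it outside any quotes, so string escaping does not restrict it to a function name; if a caller ever builds `$func` from request or stored data, the resulting handler is no longer limited to calling one function. Validate it before formatting, e.g. `die "invalid JS function name" unless $func =~ /\A[A-Za-z_\$][\w\$]*(?:\.[A-Za-z_\$][\w\$]*)*\z/;`. Separately, `looks_like_number` lets values such as `"010"`, `" 42"`, `"Inf"` or `"NaN"` through unquoted: a leading zero is read as a legacy octal literal in a sloppy-mode handler, `Inf` is not a JavaScript identifier, and string data like postal codes loses its form. Restricting the bare branch to a strict pattern such as `/\A-?(?:0|[1-9]\d*)(?:\.\d+)?\z/` and quoting everything else avoids that. Only the last line of `escape_js` is visible here, so how it treats `undef` arguments cannot be judged from this hunk.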
@@ -127,6 +156,18 @@ Static constructor, can be exported. Equivalent to calling C<< new(text => $text Static constructor, can be exported. Like C but also escapes Javascript. +=item C + +Static constructor, can be exported. Used to construct a javascript call than +can be used for onclick handlers in other Presenter functions. + +For example: + + L.button_tag( + P.escape_js_call("kivi.Package.some_func", arg_one, arg_two, arg_three) + title + ) + =back =head1 METHODS
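Review bot: The new POD entry does not state the contract a caller needs to use the function safely: the function name is not validated, and arguments that look numeric are emitted as bare numbers while all others become quoted JavaScript strings. Add a sentence such as `The function name must be a fixed, trusted identifier and never user input; numeric-looking arguments are passed as numbers, everything else as strings.` The example also appears to lack a comma between the `P.escape_js_call(...)` argument and `title`, and "than" in the first sentence should read "that".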