From: Sven Schöling Date: Mon, 15 Jul 2013 16:44:22 +0000 (+0200) Subject: Javascript escape nach Ecmascript Spec. X-Git-Tag: release-3.1.0beta1~161^2~52 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=2a8df53fac09e95c9199021399e2343ff766535d;p=kivitendo-erp.git Javascript escape nach Ecmascript Spec. Es gab einen Eckfall mit CR wo das kaputt gegangen ist, Spec kennt noch als weitere Randfälle TAB, VT, ' und BS --- diff --git a/SL/Template/Plugin/JavaScript.pm b/SL/Template/Plugin/JavaScript.pm index 2e05bed57..16989e9a2 100644 --- a/SL/Template/Plugin/JavaScript.pm +++ b/SL/Template/Plugin/JavaScript.pm @@ -17,14 +17,23 @@ sub new { # public interface # +# see ecmascript spec section 7.8.4 +my @escape_chars = ('\\', '\'', '"'); +my %control_chars = ( + "\n" => 'n', + "\t" => 't', + "\r" => 'r', + "\f" => 'f', + "\x08" => 'b', + "\x0B" => 'v', # noone uses vertical tab anyway... +); +my $re = join '', map { qr/($_)/s } join '|', keys(%control_chars), map { "\Q$_\E" } @escape_chars; + sub escape { my $self = shift; my $text = shift; - $text =~ s|\\|\\\\|g; - $text =~ s|\"|\\\"|g; - $text =~ s|\n|\\n|g; - $text =~ s|\r|\\r|g; + $text =~ s/$re/'\\' . ($control_chars{$1} || $1)/egs; return $text; }