| author | JoshyPHP <s9e.dev@gmail.com> | 2015-06-24 22:20:39 +0200 |
|---|---|---|
| committer | JoshyPHP <s9e.dev@gmail.com> | 2015-06-25 03:11:58 +0200 |
| commit | 4f1b25706f6a1ae6eb1c6c60ef27b42bb7ac4b40 (patch) | |
| tree | 8d99b3692cec947962c5abfd9e287ba176736d58 /phpBB/assets/javascript | |
| parent | 129b3375ae873b3e6e947e3c5f47897bc4f9c572 (diff) | |
[ticket/10620] Removed extraneous quotes from attribute values
PHPBB3-10620
Diffstat (limited to 'phpBB/assets/javascript')
| -rw-r--r-- | phpBB/assets/javascript/editor.js | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/phpBB/assets/javascript/editor.js b/phpBB/assets/javascript/editor.js
index d0d849330a..878a5cab86 100644
--- a/phpBB/assets/javascript/editor.js
+++ b/phpBB/assets/javascript/editor.js
@@ -250,13 +250,13 @@ function generate_quote(text, attributes)
 if ('author' in attributes)
 {
 // Add the author as the BBCode's default attribute
- quote += '=' + enquote(attributes.author);
+ quote += '=' + format_attribute_value(attributes.author);
 delete attributes.author;
 }
 for (var name in attributes)
 {
 var value = attributes[name];
- quote += ' ' + name + '=' + enquote(String(value));
+ quote += ' ' + name + '=' + format_attribute_value(String(value));
 }
 quote += ']' + text + '[/quote]';

@@ -264,16 +264,22 @@ function generate_quote(text, attributes)
 }

 /**
-* Return given string between quotes
+* Format given string to be used as an attribute value
 *
-* Will use either single- or double- quotes depending on whichever requires less escaping.
+* Will return the string as-is if it can be used in a BBCode without quotes. Otherwise,
+* it will use either single- or double- quotes depending on whichever requires less escaping.
 * Quotes and backslashes are escaped with backslashes where necessary
 *
 * @param {!string} str Original string
-* @return {!string} Escaped string within quotes
+* @return {!string} Same string if possible, escaped string within quotes otherwise
 */
-function enquote(str)
+function format_attribute_value(str)
 {
+ if (!/[ "'\\\]]/.test(str))
+ {
+ // Return as-is if it contains none of: space, ' " \ or ]
+ return str;
+ }
 var singleQuoted = "'" + str.replace(/[\\']/g, '\\$&') + "'",
 doubleQuoted = '"' + str.replace(/[\\"]/g, '\\$&') + '"'; |
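Review bot: The unquoted fast path added to `format_attribute_value` is decided by a denylist, `/[ "'\\\]]/`, which matches only a literal space, so a value containing a tab or line break, or an empty string, is now emitted bare after `=` in `generate_quote`. If the BBCode parser ends an unquoted value at any whitespace (not visible on this page), the tail of such a value would no longer be contained in the attribute, and an empty author would yield `[quote=]` where the old `enquote` produced a quoted empty string. I would tighten the guard to `if (str !== '' && !/[\s"'\\\]]/.test(str))` and change the inline comment to say "whitespace" rather than "space". The remainder of the function, which chooses between the two quoted forms, lies outside the hunk.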
