Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    Bug in FormItem, escaping illegal character

    Hi all,

    I found bug in version SNAPSHOT_v8.3d_2012-10-02/LGPL Deployment. Here is example:

    Code:
    isc.DynamicForm.create({
width: 500,
values : {shipTo : ["MX","IT","bug"]},
fields: [{
name: "shipTo", title: "Ship to", type: "select",multiple:"true", escapeHTML:"true",
hint: "<nobr>Overnight shipping available for countries in bold</nobr>",
valueMap: {
"US" : "<b>United States</b>",
"CH" : "China",
"JA" : "<b>Japan</b>",
"IN" : "India",
"GM" : "Germany",
"FR" : "France",
"IT" : "Italy",
"RS" : "Russia",
"BR" : "<b>Brazil</b>",
"CA" : "Canada",
"MX" : "Mexico",
"SP" : "Spain",
"bug":"<iframe xxx"
},
imageURLPrefix:"flags/16/",
imageURLSuffix:".png",
valueIcons: {
"US" : "US",
"CH" : "CH",
"JA" : "JA",
"IN" : "IN",
"GM" : "GM",
"FR" : "FR",
"IT" : "IT",
"RS" : "RS",
"BR" : "BR",
"CA" : "CA",
"MX" : "MX",
"SP" : "SP"
}
}]
});
    And I found where the problem is.
    FormItem.js contains this method:

    Code:
     
mapValueToDisplay : function (value) {
    
        // escapeHTML is not doc'd at the formItem level. It doesn't make sense for
        // all form item types, such as those with a native HTML input element, so will
        // be enabled via a flag where we need it.
        var asHTML = this.canEscapeHTML && 
                    // outputAsHTML / asHTML are old and deprecated
                    (this.escapeHTML || this.outputAsHTML || this.asHTML);
        
        var displayValue = this._mapKey(value, true);
        if (displayValue != null) {
            displayValue = this._formatDataType(displayValue);
        } else {
            displayValue = this._formatDataType(value);
        }
        // Don't escape &nbsp; unless that's actually the data value!  
        if (asHTML && (value == null || value == isc.emptyString)
            && displayValue == this._$nbsp) 
        {
            asHTML = false;
        }
        if (asHTML && isc.isA.String(value)) {
            displayValue = displayValue.asHTML();
		}
		return displayValue;
		
    }
    In last condition you are testing if isc.isA.String(value), but probably you should test if isc.isA.String(displayValue) is true.

    Best regards,
    Jirka
    Tags: None
    #2
    This is not a bug. The displayValue in a valueMap should not be escaped - the value is coming from a trusted source (the developer) you are intended to be able to use HTML in these values.

    Comment

      #3
      Thank you for your answer, but I can't agree with you. In my first post is example where I want to escapeHTML in input field, but you can see result of this example on picture in attachment. I think it is not correct.
      And in our case valueMap is not coming from developer but from user input.

      Best regards,
      Jirka
      Attached Files

      Comment

        #4
        If you create a valeMap from user input, you should escape it before it is applied to the control.

        Once again we will not escape display values provided by the developer as this would prevent the use of HTML styling (as shown in the example you copied code from).

        Comment

          #5
          It must be an misunderstanding. SmartClient code of SelectItem already supports escapeHTML="true" and it is doing it by way that it really escapes HTML.

          See little bit modified code of Jirka's test case:
          Code:
          isc.DynamicForm.create({
    width: 500,
    values: {
        shipTo: ["MX", "BR"]
    },
    fields: [{
        name: "shipTo",
        title: "Ship to",
        type: "select",
        multiple: "true",
        escapeHTML: "true",
        hint: "<nobr>Overnight shipping available for countries in bold</nobr>",
        valueMap: {
            "US": "<b>United States</b>",
                "CH": "China",
                "JA": "<b>Japan</b>",
                "IN": "India",
                "GM": "Germany",
                "FR": "France",
                "IT": "Italy",
                "RS": "Russia",
                "BR": "<b>Brazil</b>",
                "CA": "Canada",
                "MX": "Mexico",
                "SP": "Spain",
                "bug": "<iframe xxx"
        },
        imageURLPrefix: "flags/16/",
        imageURLSuffix: ".png",
        valueIcons: {
            "US": "US",
                "CH": "CH",
                "JA": "JA",
                "IN": "IN",
                "GM": "GM",
                "FR": "FR",
                "IT": "IT",
                "RS": "RS",
                "BR": "BR",
                "CA": "CA",
                "MX": "MX",
                "SP": "SP"
        }
    }]
});
          and see also attached image how it looks like. My example and image looks as expected - the BUG is not visible. But Jirka's example shows the bug.
          Also the solution which Jirka suggests works for me.
          Attached Files

          Comment

            #6
            This issue has now been resolved (actually for some time).
            If you're still hitting this problem, or related problems with the latest nightly build on the 8.3p or 9.0d branch, please let us know

            Regards
            Isomorphic Software

            Comment

            Previous template Next
            Working...
            X