From: SourceForge.net <no...@so...> - 2009-03-25 15:14:17
|
Bugs item #2690293, was opened at 2009-03-17 16:46 Message generated for change (Settings changed) made by mungady You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=115494&aid=2690293&group_id=15494 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: General Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Fawad Halim (fawadhalim) Assigned to: David Gilbert (mungady) Summary: Single quotes not escaped correctly in tooltips Initial Comment: The ToolTipFragmentGenerator classes use ImageMapUtilities.htmlEscape for escaping text. This is insufficient for the Javascript based tooltip generators (DynamicDriveToolTipTagFragmentGenerator, OverLIBToolTipTagFragmentGenerator) because the single quote only gets escaped to the HTML entity '. This breaks tooltips for text containing the single quote because the ' gets expanded to the single quote without the backslash to escape it. The user sees a javascript error when the mouse is moved over an area with such a text. The attached copy of ImageMapUtilities (modified from the 1.0.12 release) introduces another helper function (javascriptEscape) that prepends a backslash to the single quote before passing it on to the htmlEscape function. The attached copies of DynamicDriveToolTipTagFragmentGenerator and OverLIBToolTipTagFragmentGenerator use this function. I have also attached a small HTML file (escaping.html) that demonstrates the problem with the current escaping approach. ---------------------------------------------------------------------- >Comment By: David Gilbert (mungady) Date: 2009-03-25 15:13 Message: OK, I've reimplemented the javascriptEscape() method and added some JUnit tests. I removed the call to also perform the HTML escaping, as I'm not convinced that it is required to create a JavaScript string literal. I could be wrong though, so please check the code and JUnit tests. ---------------------------------------------------------------------- Comment By: David Gilbert (mungady) Date: 2009-03-25 09:44 Message: Reopening because the fix needs modifying to compile under JDK 1.3.1. ---------------------------------------------------------------------- Comment By: David Gilbert (mungady) Date: 2009-03-19 10:47 Message: Thanks for the report. I've committed your fix to Subversion for inclusion in the 1.0.13 release. Best regards, Dave Gilbert JFreeChart Project Leader ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=115494&aid=2690293&group_id=15494 |