Changeset 18596

Timestamp:

09/02/08 00:06:51 (4 months ago)

Author:

kan

Message:

Templateで基本的に変数にHTML escapeをかけるようにした。今はHTML出力目的でしか使ってないので

Location:

platform/air/wasaco/src

Files:

• assets/feed.tt (modified) (1 diff)
• assets/feed_channel.tt (modified) (2 diffs)
• assets/style.tt (modified) (1 diff)
• vc/kan/util/Template.as (modified) (2 diffs)
• wasaco.mxml (modified) (1 diff)

platform/air/wasaco/src/assets/feed.tt

@@ -5 +5 @@
         <td class="text">
 [% IF reply_message %]<a class="reply" href="[% reply_status_url %]"> &gt;[% reply_message %] by [% reply_user_nick %]</a><br />
-        [% html %]
+        [%u html %]
 [% IF photo_url %]<br /><a href="[% photo_url %]"><img src="[% photo_url %]" width="100px" /></a>
         </td>

platform/air/wasaco/src/assets/feed_channel.tt

@@ -5 +5 @@
         </td>
         <td class="text">
-        [% html %]
+        [%u html %]
         </td>
     </tr>
@@ -12 +12 @@
                         <span class="user">by <a href="http://wassr.jp/user/[% user_login_id %]">[% user_nick %]</a></span>
                         <span class="time">[% time %]</span>
-                        <span>[% favorites %]</span>
+                        <span>[%u favorites %]</span>
                 </td>
         </tr>

platform/air/wasaco/src/assets/style.tt

@@ -4 +4 @@
                 font-size: [% fontSize %]px;
                 font-family:"メイリオ","Hiragino Kaku Gothic Pro", "ヒラギノ角ゴ Pro W3","ＭＳ Ｐゴシック", "Osaka", sans-selif;
+                line-height: 150%;
         }
         

platform/air/wasaco/src/vc/kan/util/Template.as

@@ -10 +10 @@
                 {
                         var pattern:RegExp = /\[% ([\w-_]+?) %\]/g;
+                        var pattern_unescape:RegExp = /\[%u ([\w-_]+?) %\]/g;
                         var patternIf:RegExp = /^\[% IF ([\w-_]+?) %\](.+)$/g;
                         return template.split(/\r?\n/).map(function(line:Object, idx:Number, array:Array):Object {
@@ -24 +25 @@
                                 }
                         }).join("\n").replace(pattern, function():String{
-                                return vars[arguments[1]];
+                                return _escape(vars[arguments[1]]) ;
+                        }).replace(pattern_unescape, function():String{
+                                return vars[arguments[1]] ;
                         });
+                }
+                
+                private function _escape(str:String):String
+                {
+                        if (str) {
+                                return str.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&/g, '&amp;');
+                        } else {
+                                return str;
+                        }
                 }
 

platform/air/wasaco/src/wasaco.mxml

@@ -499 +499 @@
                                 if (feed_item[j]) {
                                         var vars:Object = feed_item[j];
-                                        vars.html = feed_item[j].body.replace(pattern, replaceURL);
+                                        vars.html = feed_item[j].html.replace(pattern, replaceURL);
                                         vars.profile_url = feed_item[j].user.profile_image_url;
                                         vars.user_login_id = feed_item[j].user.login_id;