Timestamp:
2014-03-14T17:13:56+13:00
Author:
ak19
Message:
  1. The cgiargq query variable is now no longer escaped in the 3 simple or large forms that use it. fqv and other js escaped fields are unchanged, since the jssafe now ensures that backslashes are escaped for macro files, so these resolve correctly in query.dm.
  2. securitytools.cpp and .h updated to additionally escape backslashes for macro files when JavaScript escaping. This is done by default, since jssafe variants of cgiargs are all that are used, and they're used in macro files.
  3. Encoded versions of decodedcompressedoptions are now used in all macro files. They're always used in attributes, so the attrsafe version which is set in receptionist.cpp is used.
File:
1 edited

  • main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp

    r28888 r28898  
    15321532    text_t attrsafe = encodeForHTMLAttr(macrovalue);
    15331533    text_t urlsafe = encodeForURL(macrovalue);
    1534     text_t jssafe = encodeForJavascript(macrovalue);
     1534    text_t jssafe = encodeForJavascript(macrovalue); // with default setting will return \\x and \\u for macro files
    15351535    text_t csssafe = encodeForCSS(macrovalue);
    15361536
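Review bot: the trailing comment added on the jssafe line describes behaviour that depends on a default setting of encodeForJavascript, and that setting is not visible at this call site. Because the comment ties the result to macro files specifically, consider passing the setting explicitly here, or naming the parameter in the comment, so a later change to the default cannot silently change what jssafe contains. The "\\x and \\u" wording is also ambiguous about whether it shows literal output or a C++-escaped string; say plainly that the backslash of each \x and \u escape is itself escaped. It is worth confirming that nothing consumes jssafe outside macro expansion, where the extra backslash would stay in the output.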