Changeset 33544
- Timestamp:
- 2019-10-03T18:56:15+13:00 (5 years ago)
- Location:
- main/trunk/greenstone3/web/interfaces/default
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/web/interfaces/default/js/facet-scripts.js
r33322 r33544 15 15 for(var key in gs.cgiParams) 16 16 { 17 if (gs.cgiParams.hasOwnProperty(key)) 18 { 19 searchString += key.replace(/_/g, ".") + "=" + gs.cgiParams[key] + "&"; 20 } 17 if (gs.cgiParams.hasOwnProperty(key)) 18 { 19 searchString += key.replace(/_/g, ".") + "=" + makeURLComponentSafe(gs.cgiParams[key]) + "&"; 20 //console.log("PARAM FOR key " + key + ":" + gs.cgiParams[key]); 21 //console.log("SAFE PARAM FOR " + key + ":" + makeURLComponentSafe(gs.cgiParams[key])); 22 } 21 23 } 22 24 … … 32 34 // calling makeURLSafe() here will ensure percent signs are escaped away too 33 35 // by the end of makeURLComponentSafe() call below 36 // Note that apostrophe's in URLs should get encoded, https://www.techwalla.com/articles/how-to-encode-an-apostrophe-in-a-url 37 // though the apostrophe is not in that other list of invalid and unsafe chars in urls dealt with in utility_scripts.js 34 38 countsStringBuffer += "\"" + makeURLSafe(counts[i]).replace(/'/g, "%2527") + "\""; 35 39 if(i < counts.length - 1) -
main/trunk/greenstone3/web/interfaces/default/js/utility_scripts.js
r33155 r33544 29 29 ; / ? : @ = & 30 30 -----> %3B %2F %3F %3A %40 %3D %26 31 [Now also reserved, but no special meaning yet in URLs (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) 32 and not required to be enforced yet, so we're aren't at present dealing with these: 33 ! ' ( ) * 34 ] 31 35 Unsafe chars: 32 36 " < > # % { } | \ ^ ~ [ ] ` and SPACE/BLANK … … 35 39 https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI 36 40 Possibly more info: https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid 41 42 And the bottom of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent 43 lists additional characters that have been reserved since and which need encoding when in a URL component. 37 44 38 45 Javascript already provides functions encodeURI() and encodeURIComponent(), see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI -
main/trunk/greenstone3/web/interfaces/default/transform/javascript-global-setup.xsl
r33040 r33544 34 34 <xsl:for-each select="/page/pageRequest/paramList/param"> 35 35 <xsl:text disable-output-escaping="yes">name = "</xsl:text><xsl:value-of select="@name"/><xsl:text disable-output-escaping="yes">";</xsl:text> 36 <xsl:text disable-output-escaping="yes">value = "</xsl:text><xsl:value-of select="util:escapeNewLinesAndQuotes(@value)"/><xsl:text disable-output-escaping="yes">";</xsl:text>36 <xsl:text disable-output-escaping="yes">value = "</xsl:text><xsl:value-of disable-output-escaping="yes" select="util:escapeNewLinesAndQuotes(@value)"/><xsl:text disable-output-escaping="yes">";</xsl:text> 37 37 <xsl:text disable-output-escaping="yes">name = name.replace(".", "_");</xsl:text> 38 gs.cgiParams[name] = value; 38 gs.cgiParams[name] = value; 39 39 </xsl:for-each> 40 40 </script>
Note:
See TracChangeset
for help on using the changeset viewer.