From 836c874c884dba306677c3546e9dca88b9230797 Mon Sep 17 00:00:00 2001 From: Vadim Zeitlin Date: Sun, 22 Oct 2017 17:34:37 +0200 Subject: [PATCH] Escape JavaScript code in wxJSScriptWrapper constructor We can prepare the escaped code directly here, instead of waiting for GetWrappedCode() call, this is more clear and safer as it avoids escaping the code twice accidentally if GetWrappedCode() ends up being called twice somehow. --- include/wx/private/jsscriptwrapper.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/include/wx/private/jsscriptwrapper.h b/include/wx/private/jsscriptwrapper.h index 367b41d19e..7daf9cc927 100644 --- a/include/wx/private/jsscriptwrapper.h +++ b/include/wx/private/jsscriptwrapper.h @@ -20,6 +20,7 @@ class wxJSScriptWrapper { public: wxJSScriptWrapper(const wxString& js, int* runScriptCount) : m_jsscript(js) + : m_escapedCode(js) { // We assign the return value of JavaScript snippet we execute to the // variable with this name in order to be able to access it later if 
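Review bot: The constructor's initializer list looks broken on the new side: `: m_jsscript(js)` carries no `-` marker, and the hunk header's 6-to-7 line counts agree that nothing was removed here, so it is followed by a second `: m_escapedCode(js)` while the last hunk deletes the `m_jsscript` member. If that is what was committed rather than a marker lost in rendering, the header no longer compiles. The old initializer should be dropped so that the signature `wxJSScriptWrapper(const wxString& js, int* runScriptCount)` is followed only by `: m_escapedCode(js)`. The constructor body continues past the end of this hunk.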
@@ -29,19 +30,19 @@ public: // RunScript() (which creates a new wxJSScriptWrapper every time) to // avoid any possible conflict between different calls. m_outputVarName = wxString::Format("__wxOut%i", (*runScriptCount)++); + + // Adds one escape level if there is a single quote, double quotes or + // escape characters + wxRegEx escapeDoubleQuotes("(\\\\*)(['\"\n\r\v\t\b\f])"); + escapeDoubleQuotes.Replace(&m_escapedCode,"\\1\\1\\\\\\2"); } // This method is used to add a double quote level into a JavaScript code // in order to get it working when eval is called programmatically. const wxString GetWrappedCode() { - // Adds one escape level if there is a single quote, double quotes or - // escape characters - wxRegEx escapeDoubleQuotes("(\\\\*)(['\"\n\r\v\t\b\f])"); - escapeDoubleQuotes.Replace(&m_jsscript,"\\1\\1\\\\\\2"); - return wxString::Format("try { var %s = eval(\"%s\"); true; } \ - catch (e) { e.name + \": \" + e.message; }", m_outputVarName, m_jsscript);; + catch (e) { e.name + \": \" + e.message; }", m_outputVarName, m_escapedCode); } const wxString GetOutputCode() @@ -141,7 +142,7 @@ public: } private: - wxString m_jsscript; + wxString m_escapedCode; wxString m_outputVarName; wxDECLARE_NO_COPY_CLASS(wxJSScriptWrapper);
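Review bot: The escaping that now runs in the constructor only touches backslashes that sit directly before a quote or control character, so any other backslash in `js` (an escaped backslash inside a string, a regex such as `/\d+/`, a trailing `\`) reaches `eval(\"%s\")` unescaped and is consumed by the outer string literal, which alters the script or swallows the closing quote. This string is the only barrier between caller-supplied text and the evaluated literal, so every backslash should be escaped before the quotes are handled, e.g. `m_escapedCode.Replace("\\", "\\\\");` followed by a regex without the `(\\\\*)` group, `wxRegEx("(['\"\n\r\v\t\b\f])")` with replacement `"\\\\\\1"`. A raw newline also comes out as backslash-newline, which JavaScript treats as a line continuation and drops, so a multi-line script with a `//` comment loses the code after it. Emitting the two characters `\n` instead needs a small per-character escaper rather than this regex. The result of `Replace()` is ignored as well, and the constructor itself opens in the previous hunk.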