Amebis/wxWidgets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Escape JavaScript code in wxJSScriptWrapper constructor

Browse Source 
We can prepare the escaped code directly here, instead of waiting for
GetWrappedCode() call, this is more clear and safer as it avoids
escaping the code twice accidentally if GetWrappedCode() ends up being
called twice somehow.
This commit is contained in:
Vadim Zeitlin
2017-10-22 17:34:37 +02:00
parent 1b7bb46568
commit 836c874c88
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
include/wx/private/jsscriptwrapper.h
View File

@@ -20,6 +20,7 @@ class wxJSScriptWrapper
{ {
public: public:
wxJSScriptWrapper(const wxString& js, int* runScriptCount) : m_jsscript(js) wxJSScriptWrapper(const wxString& js, int* runScriptCount) : m_jsscript(js)
: m_escapedCode(js)
{ {
// We assign the return value of JavaScript snippet we execute to the // We assign the return value of JavaScript snippet we execute to the
// variable with this name in order to be able to access it later if // variable with this name in order to be able to access it later if
@@ -29,19 +30,19 @@ public:
// RunScript() (which creates a new wxJSScriptWrapper every time) to // RunScript() (which creates a new wxJSScriptWrapper every time) to
// avoid any possible conflict between different calls. // avoid any possible conflict between different calls.
m_outputVarName = wxString::Format("__wxOut%i", (*runScriptCount)++); m_outputVarName = wxString::Format("__wxOut%i", (*runScriptCount)++);
// Adds one escape level if there is a single quote, double quotes or
// escape characters
wxRegEx escapeDoubleQuotes("(\\\\*)(['\"\n\r\v\t\b\f])");
escapeDoubleQuotes.Replace(&m_escapedCode,"\\1\\1\\\\\\2");
} }
// This method is used to add a double quote level into a JavaScript code // This method is used to add a double quote level into a JavaScript code
// in order to get it working when eval is called programmatically. // in order to get it working when eval is called programmatically.
const wxString GetWrappedCode() const wxString GetWrappedCode()
{ {
// Adds one escape level if there is a single quote, double quotes or
// escape characters
wxRegEx escapeDoubleQuotes("(\\\\*)(['\"\n\r\v\t\b\f])");
escapeDoubleQuotes.Replace(&m_jsscript,"\\1\\1\\\\\\2");
return wxString::Format("try { var %s = eval(\"%s\"); true; } \ return wxString::Format("try { var %s = eval(\"%s\"); true; } \
catch (e) { e.name + \": \" + e.message; }", m_outputVarName, m_jsscript);; catch (e) { e.name + \": \" + e.message; }", m_outputVarName, m_escapedCode);
} }
const wxString GetOutputCode() const wxString GetOutputCode()
@@ -141,7 +142,7 @@ public:
} }
private: private:
wxString m_jsscript; wxString m_escapedCode;
wxString m_outputVarName; wxString m_outputVarName;
wxDECLARE_NO_COPY_CLASS(wxJSScriptWrapper); wxDECLARE_NO_COPY_CLASS(wxJSScriptWrapper);