
add function escapeHTML so that a custom row attribute value containing a double quote is escaped instead of inserted as-is

Ice5050 11 years ago
parent
commit
c64bad0d8a
1 changed files with 14 additions and 1 deletions
  1. 14 1
      src/bootstrap-table.js

+ 14 - 1
src/bootstrap-table.js

@@ -100,6 +100,19 @@
         return defaultValue;
     };
 
+    var escapeHTML = function (text) {
+        if (typeof text == 'string') {
+            return text
+                .replace(/&/g, "&")
+                .replace(/</g, "&lt;")
+                .replace(/>/g, "&gt;")
+                .replace(/"/g, "&quot;")
+                .replace(/'/g, "&#039;");
+        }else {
+            return text;
+        }
+    }
+
     // BOOTSTRAP TABLE CLASS DEFINITION
     // ======================
 
@@ -893,7 +906,7 @@
 
             if (attributes) {
                 for (var key in attributes) {
-                    htmlAttributes.push(sprintf('%s="%s"', key, attributes[key]));
+                    htmlAttributes.push(sprintf('%s="%s"', key, escapeHTML(attributes[key])));
                 }
             }
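Review bot: Only the attribute value is escaped in the new push; the attribute name `key` is still interpolated raw into `'%s="%s"'`, so if the `attributes` object comes from the same untrusted source as its values, a key containing a space, `=` or `>` can still introduce an extra attribute or close the tag. Entity-escaping does not make an attribute name safe, so I would whitelist it instead, e.g. `if (!/^[A-Za-z][\w-]*$/.test(key)) { continue; }` before the push (and skipping inherited keys with `hasOwnProperty` while in the `for...in`). Separately, the first replacement in escapeHTML reads `.replace(/&/g, "&")` as shown on this page, which is a no-op; if that is the real code rather than the page decoding `&amp;`, it should be `.replace(/&/g, "&amp;")` so pre-existing entity text in a value is not altered by the browser. Minor style: `typeof text == 'string'` should be `===`, and the function expression at the end of the first hunk is missing its terminating semicolon. The enclosing function of the second hunk starts and ends outside it.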