r23754 - gnucash/trunk/src/report/report-system - Escape labels for jqplot charts

Geert Janssens gjanssens at code.gnucash.org
Fri Jan 24 14:22:48 EST 2014 

Author: gjanssens
Date: 2014-01-24 14:22:48 -0500 (Fri, 24 Jan 2014)
New Revision: 23754
Trac: http://svn.gnucash.org/trac/changeset/23754

Modified:
   gnucash/trunk/src/report/report-system/html-barchart.scm
   gnucash/trunk/src/report/report-system/html-jqplot.scm
   gnucash/trunk/src/report/report-system/html-linechart.scm
   gnucash/trunk/src/report/report-system/html-piechart.scm
Log:
Escape labels for jqplot charts

Escape single- and double-quotes as needed in the generation of the
HTML/JavaScript for the jqplot charts to avoid JavaScript errors.

Author: Aaron Lindsay <aaron at aclindsay.com>

Modified: gnucash/trunk/src/report/report-system/html-barchart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-barchart.scm	2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-barchart.scm	2014-01-24 19:22:48 UTC (rev 23754)
@@ -355,7 +355,7 @@
                          (push series-index)
                          (push ");\n")
                          (push "series.push({ label: \"")
-                         (push label)
+                         (push (jqplot-escape-string label))
                          (push "\"});\n\n")))
          ; Use a unique chart-id for each chart. This prevents chart
          ; clashed on multi-column reports
@@ -447,12 +447,14 @@
             (if title
               (begin 
                 (push "  options.title = \"")
-                (push title) (push "\";\n")))
+                (push (jqplot-escape-string title))
+                (push "\";\n")))
 
             (if subtitle
               (begin 
                 (push "  options.title += \" (")
-                (push subtitle) (push ")\";\n")))
+                (push (jqplot-escape-string subtitle))
+                (push ")\";\n")))
 
             (if (and (string? x-label) (> (string-length x-label) 0))
               (begin 

Modified: gnucash/trunk/src/report/report-system/html-jqplot.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-jqplot.scm	2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-jqplot.scm	2014-01-24 19:22:48 UTC (rev 23754)
@@ -14,3 +14,12 @@
         "\" />\n"
     ))
 
+(define (jqplot-escape-string s1)
+    ;; Escape single and double quotes and backslashes
+    (set! s1 (regexp-substitute/global #f "\\\\" s1 'pre "\\\\" 'post))
+    (set! s1 (regexp-substitute/global #f "'" s1 'pre "\\'" 'post))
+    (set! s1 (regexp-substitute/global #f "\"" s1 'pre "\\\"" 'post))
+    ;; Escape HTML special characters
+    (set! s1 (regexp-substitute/global #f "&" s1 'pre "&" 'post))
+    (set! s1 (regexp-substitute/global #f "<" s1 'pre "<" 'post))
+    (regexp-substitute/global #f ">" s1 'pre ">" 'post))

Modified: gnucash/trunk/src/report/report-system/html-linechart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-linechart.scm	2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-linechart.scm	2014-01-24 19:22:48 UTC (rev 23754)
@@ -387,7 +387,7 @@
                          (push series-index)
                          (push ");\n")
                          (push "series.push({ label: \"")
-                         (push label)
+                         (push (jqplot-escape-string label))
                          (push "\"});\n\n")))
          ; Use a unique chart-id for each chart. This prevents chart
          ; clashed on multi-column reports
@@ -489,12 +489,14 @@
             (if title
               (begin 
                 (push "  options.title = \"")
-                (push title) (push "\";\n")))
+                (push (jqplot-escape-string title))
+                (push "\";\n")))
 
             (if subtitle
               (begin 
                 (push "  options.title += \" (")
-                (push subtitle) (push ")\";\n")))
+                (push (jqplot-escape-string subtitle))
+                (push ")\";\n")))
 
             (if (and (string? x-label) (> (string-length x-label) 0))
               (begin 

Modified: gnucash/trunk/src/report/report-system/html-piechart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-piechart.scm	2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-piechart.scm	2014-01-24 19:22:48 UTC (rev 23754)
@@ -229,7 +229,7 @@
                 (for-each 
                  (lambda (datum label)
                    (push "  data.push(['")
-                   (push label)
+                   (push (jqplot-escape-string label))
                    (push "',")
                    (push datum)
                    (push "]);\n"))
@@ -247,11 +247,13 @@
             (if title
               (begin 
                 (push "  options.title = \"")
-                (push title) (push "\";\n")))
+                (push (jqplot-escape-string title))
+                (push "\";\n")))
             (if subtitle
               (begin 
                 (push "  options.title += \" (")
-                (push subtitle) (push ")\";\n")))
+                (push (jqplot-escape-string subtitle))
+                (push ")\";\n")))
 
             (push "$.jqplot.config.enablePlugins = true;\n")
             (push "var plot = $.jqplot('")(push chart-id)(push "', [data], options);\n")

More information about the gnucash-changes mailing list