r23754 - gnucash/trunk/src/report/report-system - Escape labels for jqplot charts
Geert Janssens
gjanssens at code.gnucash.org
Fri Jan 24 14:22:48 EST 2014
Author: gjanssens
Date: 2014-01-24 14:22:48 -0500 (Fri, 24 Jan 2014)
New Revision: 23754
Trac: http://svn.gnucash.org/trac/changeset/23754
Modified:
gnucash/trunk/src/report/report-system/html-barchart.scm
gnucash/trunk/src/report/report-system/html-jqplot.scm
gnucash/trunk/src/report/report-system/html-linechart.scm
gnucash/trunk/src/report/report-system/html-piechart.scm
Log:
Escape labels for jqplot charts
Escape single- and double-quotes as needed in the generation of the
HTML/JavaScript for the jqplot charts to avoid JavaScript errors.
Author: Aaron Lindsay <aaron at aclindsay.com>
Modified: gnucash/trunk/src/report/report-system/html-barchart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-barchart.scm 2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-barchart.scm 2014-01-24 19:22:48 UTC (rev 23754)
@@ -355,7 +355,7 @@
(push series-index)
(push ");\n")
(push "series.push({ label: \"")
- (push label)
+ (push (jqplot-escape-string label))
(push "\"});\n\n")))
; Use a unique chart-id for each chart. This prevents chart
; clashed on multi-column reports
@@ -447,12 +447,14 @@
(if title
(begin
(push " options.title = \"")
- (push title) (push "\";\n")))
+ (push (jqplot-escape-string title))
+ (push "\";\n")))
(if subtitle
(begin
(push " options.title += \" (")
- (push subtitle) (push ")\";\n")))
+ (push (jqplot-escape-string subtitle))
+ (push ")\";\n")))
(if (and (string? x-label) (> (string-length x-label) 0))
(begin
Modified: gnucash/trunk/src/report/report-system/html-jqplot.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-jqplot.scm 2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-jqplot.scm 2014-01-24 19:22:48 UTC (rev 23754)
@@ -14,3 +14,12 @@
"\" />\n"
))
+(define (jqplot-escape-string s1)
+ ;; Escape single and double quotes and backslashes
+ (set! s1 (regexp-substitute/global #f "\\\\" s1 'pre "\\\\" 'post))
+ (set! s1 (regexp-substitute/global #f "'" s1 'pre "\\'" 'post))
+ (set! s1 (regexp-substitute/global #f "\"" s1 'pre "\\\"" 'post))
+ ;; Escape HTML special characters
+ (set! s1 (regexp-substitute/global #f "&" s1 'pre "&" 'post))
+ (set! s1 (regexp-substitute/global #f "<" s1 'pre "<" 'post))
+ (regexp-substitute/global #f ">" s1 'pre ">" 'post))
Modified: gnucash/trunk/src/report/report-system/html-linechart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-linechart.scm 2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-linechart.scm 2014-01-24 19:22:48 UTC (rev 23754)
@@ -387,7 +387,7 @@
(push series-index)
(push ");\n")
(push "series.push({ label: \"")
- (push label)
+ (push (jqplot-escape-string label))
(push "\"});\n\n")))
; Use a unique chart-id for each chart. This prevents chart
; clashed on multi-column reports
@@ -489,12 +489,14 @@
(if title
(begin
(push " options.title = \"")
- (push title) (push "\";\n")))
+ (push (jqplot-escape-string title))
+ (push "\";\n")))
(if subtitle
(begin
(push " options.title += \" (")
- (push subtitle) (push ")\";\n")))
+ (push (jqplot-escape-string subtitle))
+ (push ")\";\n")))
(if (and (string? x-label) (> (string-length x-label) 0))
(begin
Modified: gnucash/trunk/src/report/report-system/html-piechart.scm
===================================================================
--- gnucash/trunk/src/report/report-system/html-piechart.scm 2014-01-24 16:23:54 UTC (rev 23753)
+++ gnucash/trunk/src/report/report-system/html-piechart.scm 2014-01-24 19:22:48 UTC (rev 23754)
@@ -229,7 +229,7 @@
(for-each
(lambda (datum label)
(push " data.push(['")
- (push label)
+ (push (jqplot-escape-string label))
(push "',")
(push datum)
(push "]);\n"))
@@ -247,11 +247,13 @@
(if title
(begin
(push " options.title = \"")
- (push title) (push "\";\n")))
+ (push (jqplot-escape-string title))
+ (push "\";\n")))
(if subtitle
(begin
(push " options.title += \" (")
- (push subtitle) (push ")\";\n")))
+ (push (jqplot-escape-string subtitle))
+ (push ")\";\n")))
(push "$.jqplot.config.enablePlugins = true;\n")
(push "var plot = $.jqplot('")(push chart-id)(push "', [data], options);\n")
More information about the gnucash-changes
mailing list