lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Try a cleaner javascript escape function.

Browse Source
This commit is contained in:
Laurent Destailleur 2014-02-13 23:40:39 +01:00
parent d6ba18cc20
commit 57153e4de4
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/core/lib/functions.lib.php
View File

@ -437,13 +437,18 @@ function dol_string_nospecial($str,$newstr='_',$badchars='')
/**
* Returns text escaped for inclusion into javascript code
*
* @param string $stringtoescape String to escape
* @return string Escaped string
* @param string $stringtoescape String to escape
* @param string $mode 0=Escape also ' and " into ', 1=Escape ' but not " for usage into 'string', 2=Escape " but not ' for usage into "string"
* @return string Escaped string. Both ' and " are escaped into ' if they are escaped.
*/
function dol_escape_js($stringtoescape)
function dol_escape_js($stringtoescape, $mode=0)
{
// escape quotes and backslashes, newlines, etc.
$substitjs=array("&#039;"=>"\\'",'\\'=>'\\\\',"'"=>"\\'",'"'=>"\\'","\r"=>'\\r',"\n"=>'\\n','</'=>'<\/');
$substitjs=array("&#039;"=>"\\'",'\\'=>'\\\\',"\r"=>'\\r',"\n"=>'\\n');
//$substitjs['</']='<\/'; // We removed this. Should be useless.
if (empty($mode)) { $substitjs["'"]="\\'"; $substitjs['"']="\\'"; }
else if ($mode == 1) $substitjs["'"]="\\'";
else if ($mode == 2) { $substitjs['"']='\\"'; }
return strtr($stringtoescape, $substitjs);
}