akakiz / open-video-ads

Automatically exported from code.google.com/p/open-video-ads
0 stars 0 forks source link

Complex companion banners or HTML in the companion DIV area cause ExternalInterface.call function to fail #202

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Load a complex HTML element with both single and double quotes, or with
control characters such as \n into OpenX as a companion advert.

2. Load JWPlayer or Flowplayer with showCompanions and simple companion
configuration

3. Observe in Firebug as the ExternalInterface function fails to execute
(e.g. Unterminated String Literal, or Unexpected ;  )

What is the expected output? What do you see instead?
Instead of the companion div content being replaced, the method fails and
no change is seen to the companion div innerHTML.

What version of the product are you using? On what operating system?
Using 0.4.5 but have checked trunk and this also has the same code in the
OpenAdStreamer.as file

Please provide any additional information below.

To fix this simply, you can escape or replace the #content in the calls
calls to innerHTML= 

like so:

...Line 272 - onDisplayCompanionAd()
ExternalInterface.call("function(){ document.getElementById('" +
companionEvent.divID + "').innerHTML='" +
StringUtils.replaceControlChars(StringUtils.replaceSingleWithDoubleQuotes(compan
ionEvent.content))
+ "'; }");

...Line 295 - onHideCompanionAd()
ExternalInterface.call("function(){ document.getElementById('" +
_previousDivContent[i].divId + "').innerHTML='" +
StringUtils.removeControlChars(StringUtils.replaceSingleWithDoubleQuotes)_previo
usDivContent[i].content))
+ "'; }"); 

The above method is tested and seems to work as expected, with the
exception described below.

For a more readable fix, suggest wrapping both
replaceSingleWithDoubleQuotes and removeControlChars in a single function
inside of the StringUtils class, or escaping the whole HTML string instead
of performing replacement operations on it.

CAVEAT TO THE ABOVE FUNCTIONING...
I have noticed that if trying to load a complex bit of HTML which in turn
loads a script, such is standard for a display ad, the HTML is correctly
inserted into the DOM but no script action takes place afterwards. More
investigation is needed into this which is what I am doing this evening.

Original issue reported on code.google.com by wildtang...@gmail.com on 6 Apr 2010 at 6:52

GoogleCodeExporter commented 9 years ago
Thanks for this... would it be possible for you to contact me on 
paul.schulz@bouncingminds.com so that we can 
talk more directly on this. I'd like to clean up the companion stuff a little 
more so I'd appreciate further advice on 
all of this to make sure the complex cases are covered... really helps. thanks.

Original comment by paul.sch...@gmail.com on 20 Apr 2010 at 10:10

GoogleCodeExporter commented 9 years ago
Hi,

I actually cleaned this up a lot further - the above solution actually gives a 
null
object error if there was no HTML in the DIV prior to the companion being 
loaded. My
new version actually passes the strings directly through as variables into a
JavaScript function, which is much cleaner and does not break with special 
characters.

I'll email you in a second with the code I wrote to handle this. Sorry it's not 
in
diff form, I'm not a master of committing to open source projects yet ;)

Joe

Original comment by wildtang...@gmail.com on 28 Apr 2010 at 2:59