direct-fuel-injection / bbGrid

Grid system on Backbone.js and Bootstrap, sure jQuery :)
http://direct-fuel-injection.github.com/bbGrid

Create View Option for Auto-Escaping Fields #56

Closed mullen3 closed 10 years ago

mullen3 commented 10 years ago

As a developer, I would like an option to auto-escape fields that are passed to bbgrid.

mullen3 commented 10 years ago

Can someone help me with this? Is this where I would read the property and escape the col.values?

    render: function () {
        var self = this, isChecked, isDisabled, html,
            cols = _.filter(this.view.colModel, function (col) {return !col.hidden; });
        isChecked = ($.inArray(this.model.id, this.view.selectedRows) >= 0);
        isDisabled = this.model.get('cb_disabled') || false;
        html = this.template({
            isMultiselect: this.view.multiselect,
            isContainSubgrid: this.view.subgrid && this.view.subgridControl,
            isSelected: this.selected || false,
            isChecked: isChecked,
            isDisabled: isDisabled,
            values: _.map(cols, function (col) {
                if (col.actions) {
                    col.name = 'bbGrid-actions-cell';
                    if (_.isFunction(col.actions)) {
                        col.value = col.actions.call(self, self.model.id, self.model.attributes, self.view);
                    } else {
                        col.value = self.view.actions[col.actions].call(self, self.model.id, self.model.attributes, self.view);
                    }
                } else {
                    col.value = self.getPropByStr(self.model.attributes, col.name);
                }
                return col;
            })
        });

wickstargazer commented 10 years ago

It would be this

    $('<div />').text(self.getPropByStr(self.model.attributes, col.name)).html();

But I do suggest you escape them as JSON data before passing into the collection, because that's the right way to do it.

Escaping from inside is tricky and should not be resorted to.

mullen3 commented 10 years ago

Could you clarify what you mean by tricky?

Here is my pull request implementing the feature. https://github.com/direct-fuel-injection/bbGrid/pull/57

wickstargazer commented 10 years ago

Well, what I mean by tricky is that it can throw some other error, or unknown character, if the JSON collection is already encoded or not well-formed.

For the pull request, I suggest just putting this line into the Render function instead of the direct value... test it out first.

    $("<div />").text(self.getPropByStr(self.model.attributes, col.name)).html();

direct-fuel-injection commented 10 years ago

Added in latest commit. Thank you for feedback.
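
The requested opt-in escaping and the double-encoding concern raised in the thread can be seen side by side in the following added example, which is not part of the thread or of bbGrid's code. `escapeHtml`, `buildCellValues` and the `escape` option name are assumptions, and a string-based escaper stands in for the jQuery `$('<div />').text(...).html()` idiom so that it runs without a DOM.

```javascript
// Added example, not bbGrid's code. `escapeHtml`, `buildCellValues` and the
// `escape` option name are hypothetical.
var HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// String-only counterpart of $('<div />').text(value).html(), extended to
// quotes so the result is also safe inside a quoted attribute value.
function escapeHtml(value) {
    if (value === null || value === undefined) { return ''; }
    return String(value).replace(/[&<>"']/g, function (ch) { return HTML_ESCAPES[ch]; });
}

// Mirrors the _.map in render(): resolve each visible column's value, then
// escape data cells when the view option `escape` is set. Action cells
// return markup on purpose, so they are passed through unchanged.
// (Plain property lookup is used here in place of getPropByStr.)
function buildCellValues(colModel, attributes, options) {
    return colModel.filter(function (col) { return !col.hidden; }).map(function (col) {
        var isAction = typeof col.actions === 'function';
        var raw = isAction ? col.actions(attributes.id, attributes) : attributes[col.name];
        return {
            name: isAction ? 'bbGrid-actions-cell' : col.name,
            value: (options.escape && !isAction) ? escapeHtml(raw) : raw
        };
    });
}

// Constructed sample row: one value containing markup, one encoded upstream.
var row = {
    id: 7,
    comment: '<script>alert(1)</script>',
    company: 'Smith &amp; Sons'
};
var cols = [
    { name: 'comment' },
    { name: 'company' },
    { name: 'secret', hidden: true },
    { actions: function (id) { return '<a href="#edit/' + id + '">edit</a>'; } }
];

var cells = buildCellValues(cols, row, { escape: true });
cells.forEach(function (c) { console.log(c.name + ': ' + c.value); });
```

The `company` cell comes out as `Smith &amp;amp; Sons`: data that was already encoded before reaching the collection is encoded a second time, which is the reason to pick a single layer to escape in and keep the option off when the server already does it.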