search

symfony2admingenerator / AvocodeFormExtensionsBundle

(old-legacy) Symfony2 form extensions for Admingenerator project (also working standalone!)
Other
48 stars 31 forks source link

JavaScript error in collection upload if using quotes in nameable or editable field. #124

Closed satiricon closed 10 years ago

satiricon commented 10 years ago

The config:

      items:
        label:            ' Images'
        dbType:           collection
        formType:         afe_collection_upload
        addFormOptions:
          sortable: true
          editable:         [ name, filename, description, author, position ]
          type:             "album_asset"
          previewMaxWidth:    120
          acceptFileTypes:    /(\.|\/)(gif|jp?g|png)$/i
          allow_add:        true
          allow_delete:     true
          error_bubbling:   false
          options:
            data_class:     Bn\WebBundle\Entity\Asset

If for any reason I add something like this is "the description" as the description in the form of any uploaded file it will cause a JavaScript error as the line 129 in form_javascripts.html.twig

{{ field|e4js }}: {{ attribute(item, field)|default('')|e4js }},

Doesn't correctly escapes quotes.

if I change the line to:

{{ field|e4js }}: "{{ attribute(item, field)|default('')|e('js') }}",

It works flawlessly.

Is there a reason for not using the default twig escaper?

ioleo commented 10 years ago

@satiricon if I remember right, there was a problem with escapeing true/false, which is why the filter was created... later on I used it in all other form types - though I can't remember now where exacly the issue occured

satiricon commented 10 years ago

Then if you think it's ok I'll try and escape quotes as well in e4js and make a pull request.

ioleo commented 10 years ago

@satiricon I've looked back at the code and now I remember :)

We needed an escape filter that would recognize javascript function syntax and if it was detected, simply render raw string, otherwise wrap the string in double quotes.

Eg.:

# some admingenerator geneator yaml useing form extensions
option1:  "SomeString"
option2:  "function(val) { return val + 1; }"

Would be rendered as:

// some js widget options
option1: "SomeString",
option2: function(val) { return val + 1; },
ioleo commented 10 years ago

@satiricon I've added double quotes escapeing to the filter. It should work fine now.