2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Javascript escaping functions.
9 if (! defined('PHPMYADMIN')) {
14 * Format a string so it can be a string inside JavaScript code inside an
15 * eventhandler (onclick, onchange, on..., ).
16 * This function is used to displays a javascript confirmation box for
17 * "DROP/DELETE/ALTER" queries.
19 * @param string $a_string the string to format
20 * @param boolean $add_backquotes whether to add backquotes to the string or not
22 * @return string the formatted string
26 function PMA_jsFormat($a_string = '', $add_backquotes = true)
28 if (is_string($a_string)) {
29 $a_string = htmlspecialchars($a_string);
30 $a_string = PMA_escapeJsString($a_string);
31 // Needed for inline javascript to prevent some browsers
32 // treating it as a anchor
33 $a_string = str_replace('#', '\\#', $a_string);
36 return (($add_backquotes) ? PMA_Util
::backquote($a_string) : $a_string);
37 } // end of the 'PMA_jsFormat()' function
40 * escapes a string to be inserted as string a JavaScript block
41 * enclosed by <![CDATA[ ... ]]>
42 * this requires only to escape ' with \' and end of script block
44 * We also remove NUL byte as some browsers (namely MSIE) ignore it and
45 * inserting it anywhere inside </script would allow to bypass this check.
47 * @param string $string the string to be escaped
49 * @return string the escaped string
51 function PMA_escapeJsString($string)
54 '@</script@i', '</\' + \'script',
70 * Formats a value for javascript code.
72 * @param string $value String to be formatted.
74 * @return string formatted value.
76 function PMA_formatJsVal($value)
78 if (is_bool($value)) {
90 return '"' . PMA_escapeJsString($value) . '"';
94 * Formats an javascript assignment with proper escaping of a value
95 * and support for assigning array of strings.
97 * @param string $key Name of value to set
98 * @param mixed $value Value to set, can be either string or array of strings
99 * @param bool $escape Whether to escape value or keep it as it is
100 * (for inclusion of js code)
102 * @return string Javascript code.
104 function PMA_getJsValue($key, $value, $escape = true)
106 $result = $key . ' = ';
109 } elseif (is_array($value)) {
111 foreach ($value as $val) {
112 $result .= PMA_formatJsVal($val) . ",";
116 $result .= PMA_formatJsVal($value) . ";\n";
122 * Prints an javascript assignment with proper escaping of a value
123 * and support for assigning array of strings.
125 * @param string $key Name of value to set
126 * @param mixed $value Value to set, can be either string or array of strings
130 function PMA_printJsValue($key, $value)
132 echo PMA_getJsValue($key, $value);
136 * Formats javascript assignment for form validation api
137 * with proper escaping of a value.
139 * @param string $key Name of value to set
140 * @param string $value Value to set
141 * @param boolean $addOn Check if $.validator.format is required or not
142 * @param boolean $comma Check if comma is required
144 * @return string Javascript code.
146 function PMA_getJsValueForFormValidation($key, $value, $addOn, $comma)
148 $result = $key . ': ';
150 $result .= '$.validator.format(';
152 $result .= PMA_formatJsVal($value);
163 * Prints javascript assignment for form validation api
164 * with proper escaping of a value.
166 * @param string $key Name of value to set
167 * @param string $value Value to set
168 * @param boolean $addOn Check if $.validator.format is required or not
169 * @param boolean $comma Check if comma is required
173 function PMA_printJsValueForFormValidation($key, $value, $addOn=false, $comma=true)
175 echo PMA_getJsValueForFormValidation($key, $value, $addOn, $comma);