|
68 | 68 |
|
69 | 69 | function buildEdit(n, g, data) { |
70 | 70 | resizeContainer(); |
| 71 | + var name = htmlQuotes(n); |
| 72 | + var group = htmlQuotes(g); |
71 | 73 | var html = ""; |
72 | 74 | html += "<div id='controls'>"; |
73 | 75 | html += " <div id='newfile' class='indent'>"; |
74 | 76 | html += " <form id='editform' class='note-title-form'>"; |
75 | | - html += " Name: <input type='text' class='fileinput' id='editfilename' value='"+n+"'>"; |
| 77 | + html += " Name: <input type='text' class='fileinput' id='editfilename' value='"+name+"'>"; |
76 | 78 | html += " Group: <select id='groupname'></select>"; |
77 | 79 | html += " <input type='text' class='newgroupinput' id='newgroupname' placeholder='group title'>"; |
78 | | - html += " <input type='hidden' id='originalfilename' value='"+n+"'>"; |
79 | | - html += " <input type='hidden' id='originalgroup' value='"+g+"'>"; |
| 80 | + html += " <input type='hidden' id='originalfilename' value='"+name+"'>"; |
| 81 | + html += " <input type='hidden' id='originalgroup' value='"+group+"'>"; |
80 | 82 | html += " <button id='save' class='button'>Save</button>"; |
81 | 83 | html += " <div id='canceledit' class='button'>Cancel</div>"; |
82 | 84 | html += " </form>"; |
|
145 | 147 | var sortby = "name"; |
146 | 148 | var sortorder = "ascending"; |
147 | 149 |
|
| 150 | + function htmlQuotes(value, reverse){ |
| 151 | + if (!reverse) { |
| 152 | + var r = value; |
| 153 | + r = r.replace(/\'/g, '''); |
| 154 | + r = r.replace(/\"/g, '"'); |
| 155 | + return r; |
| 156 | + } else { |
| 157 | + var r = value; |
| 158 | + r = r.replace(/'/g, "'"); |
| 159 | + r = r.replace(/"/g, '"'); |
| 160 | + return r; |
| 161 | + } |
| 162 | + } |
| 163 | + |
148 | 164 | function loadListing() { |
149 | 165 | var url = ocUrl("api/v0.2/ownnote"); |
150 | 166 | $.get(url, function(data) { |
|
238 | 254 | if (listing[i].deleted == 0) |
239 | 255 | if (listingtype == "All" || listing[i].group == listingtype || (listingtype == 'Not grouped' && listing[i].group == '')) { |
240 | 256 | var fileclass = 'modified'; |
241 | | - var file = listing[i].name; |
242 | | - if (listing[i].group != '') |
243 | | - file = "["+listing[i].group+"] "+listing[i].name; |
| 257 | + var name = htmlQuotes(listing[i].name); |
| 258 | + var group = htmlQuotes(listing[i].group); |
| 259 | + var file = name; |
| 260 | + if (group != '') |
| 261 | + file = "["+group+"] "+name; |
244 | 262 | if (listing[i].timediff < 30) |
245 | 263 | fileclass = 'modified latestfile'; |
246 | 264 | html += "<div class='listing'>"; |
247 | | - html += " <div id='"+file+"' i='"+listing[i].id+"' n='"+listing[i].name+"' g='"+listing[i].group+"' title='"+listing[i].name+"' class='file pointer'>"+listing[i].name+"</div>"; |
| 265 | + html += " <div id='"+file+"' i='"+listing[i].id+"' n='"+name+"' g='"+group+"' title='"+name+"' class='file pointer'>"+name+"</div>"; |
248 | 266 | html += " <div class='info'>"; |
249 | 267 | if (listing[i].timestring != '') |
250 | 268 | html += " <div class='"+fileclass+"'>"+listing[i].timestring+" ago</div>"; |
251 | 269 | else |
252 | 270 | html += " <div class='"+fileclass+"'>Just now</div>"; |
253 | | - html += " <div id='"+file+"' i='"+listing[i].id+"' n='"+listing[i].name+"' g='"+listing[i].group+"' class='buttons delete delete-note pointer'><br></div>"; |
| 271 | + html += " <div id='"+file+"' i='"+listing[i].id+"' n='"+name+"' g='"+group+"' class='buttons delete delete-note pointer'><br></div>"; |
254 | 272 | html += " </div>"; |
255 | 273 | html += "</div>"; |
256 | 274 | } |
|
345 | 363 | function buildNavItem(name, count, active) { |
346 | 364 | var html = ''; |
347 | 365 | var a = '' |
| 366 | + var n = htmlQuotes(name); |
348 | 367 | if (active) a = " active"; |
349 | 368 | if (name == "All" || name == "Not grouped") |
350 | 369 | html += '<li class="group' + a + '" data-type="all">'; |
351 | 370 | else { |
352 | | - html += '<li id="group-'+name+'-edit" class="group editing">'; |
| 371 | + html += '<li id="group-'+n+'-edit" class="group editing">'; |
353 | 372 | html += ' <ul class="oc-addnew open" style="display: inline-block; width: auto; height: auto;" aria-disabled="false">'; |
354 | 373 | html += ' <li>'; |
355 | | - html += ' <input id="edit-'+name+'-text" class="oc-addnew-name" type="text" value="'+name+'" style="display: inline;">'; |
356 | | - html += ' <button id="edit-'+name+'" class="new-button primary icon-checkmark-white" style="display: block;"></button>'; |
| 374 | + html += ' <input id="edit-'+n+'-text" class="oc-addnew-name" type="text" value="'+n+'" style="display: inline;">'; |
| 375 | + html += ' <button id="edit-'+n+'" class="new-button primary icon-checkmark-white" style="display: block;"></button>'; |
357 | 376 | html += ' </li>'; |
358 | 377 | html += ' </ul>'; |
359 | 378 | html += '</li>'; |
360 | | - html += '<li id="group-'+name+'" class="group' + a + '" data-type="category">'; |
| 379 | + html += '<li id="group-'+n+'" class="group' + a + '" data-type="category">'; |
361 | 380 | } |
362 | | - html += ' <a class="name" id="link-'+name+'" role="button" title="'+name+'">'+name+'</a>'; |
| 381 | + html += ' <a class="name" id="link-'+n+'" role="button" title="'+n+'">'+n+'</a>'; |
363 | 382 | html += ' <span class="utils">'; |
364 | | - html += ' <a class="icon-rename action edit tooltipped rightwards" group="'+name+'" original-title=""></a>'; |
365 | | - html += ' <a class="icon-delete action delete tooltipped rightwards" group="'+name+'" original-title=""></a>'; |
| 383 | + html += ' <a class="icon-rename action edit tooltipped rightwards" group="'+n+'" original-title=""></a>'; |
| 384 | + html += ' <a class="icon-delete action delete tooltipped rightwards" group="'+n+'" original-title=""></a>'; |
366 | 385 | html += ' <span class="action numnotes">'+count+'</span>'; |
367 | 386 | html += ' </span>'; |
368 | 387 | html += '</li>'; |
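Review bot: `htmlQuotes` (new lines 150–162) replaces only `'` and `"`, yet its result is also written as element text — `>"+name+"</div>` on new line 265 and `title="'+n+'">'+n+'</a>` on new line 381 — where `<`, `>` and `&` in a note or group name are still parsed as markup. Escaping `&` first and then the angle brackets closes that gap: `r = r.replace(/&/g, '&amp;');` followed by `r = r.replace(/</g, '&lt;').replace(/>/g, '&gt;');` ahead of the two quote replacements, with the reverse branch undoing them in the opposite order. `listing[i].id`, `listing[i].timestring` and `count` are still concatenated unescaped on new lines 265, 268 and 385; if any of them can carry user-controlled text, they need the same treatment. The replacement strings on this page display as literal quotes, presumably because the entities were decoded by the rendering, so confirm that the committed source really contains the entity forms. Building these nodes with jQuery's `.text()` and `.attr()` instead of string concatenation would remove the need for a hand-written escaper.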
|