[CLOSED] ComboBox html encoding
Published by: mike 2010-03-18

  • If I have an item inside of my combo box with '&' in it, it's shown correctly.

    However, once that item is selected, the combobox value displays &amp; instead.

    I could manually htmlunencode the value, but the extra encoding isn't needed, surely?


  • (removed link spam)
    i've had a look at your offerings. why the hard sell (i.e. all the needless hyperlinks in both of your posts above to your useless site)? what's your "combobox" / "dropdown" got to do with Ext? /:)

    you have a week to respond before your spam is removed.


  • It happens when you htmlEncode the strings on the way down (in case the user put html into the strings).

    I can't put up a public page, but you can reproduce it pretty easily.

    If you go to:
    http://extjs.com/deploy/ext/examples/form/combos.html
    (or if you have a local build)
    C:\apps\www\deploy\ext-2.0\examples\form\combos.html

    In the states.js file in that directory, instead of


    Ext.exampledata.states = [
        ['AL', 'Alabama'],
        ['AK', 'Alaska'],
        ['AZ', 'Arizona']
    ]


    do:


    Ext.exampledata.states = [
        ['AL', 'Alabama & test'],
        ['AK', 'Alaska'],
        ['AZ', 'Arizona']
    ]


    You'll notice it looks right in the dropdown text... but not right once it's been selected.


  • thanks


  • Bump

    Anyone have a fix for this?


  • I'd expect to see Alabama & test, which is what we would post back to the server and would stick in the database.

    Reason for needing to htmlEncode the strings is that a user might enter

    Alabama

    into a text field, and we'll save it to the database. When it comes out, it needs to not mess with the html of the page.

    If we don't htmlEncode it, then inside the Ext combo box, that "option" will have a real H1 stuck into it, which will mess up the display.

    Ideally we would have a new option for Ext.form.ComboBox that will unHtmlEncode before setting the value of the textbox. That way people expecting the current behavior won't have any problems.

    unHtmlEncode() has been mixed into String in prototype.js, though I don't see a similar function in Ext.

    If that method existed, could do something like:


    setValue : function(v){
        var text = v;
        if(this.valueField){
            var r = this.findRecord(this.valueField, v);
            if(r){
                text = r.data[this.displayField];
            }else if(this.valueNotFoundText !== undefined){
                text = this.valueNotFoundText;
            }
        }
        this.lastSelectionText = text;

        if(this.hiddenField){
            this.hiddenField.value = v;
        }

        // new code here: decode html entities before the text lands in the textbox
        // (unescapeHTML comes from prototype.js, not from Ext)
        if (this.unEscapeValue) {
            text = text.unescapeHTML();
        }

        Ext.form.ComboBox.superclass.setValue.call(this, text);
        this.value = v;
    },


    If you don't think this is useful for everyone, we can roll that solution for ourselves, but htmlEncoding data that a customer might edit is normally a "good thing".


  • ComboBox component can cause XSS.

    Try the example from the examples directory examples/form/combos.html and in file states.js change the code to:

    Ext.exampledata.states = [
    ['AL', 'Alabama bold', 'The Heart of Dixie'],
    ...Then run this example in Firefox and expand the list of the ComboBox. A Javascript alert with the text "XSS" appears (XSS vulnerability).

    Also the ComboBox list and the ComboBox selected value are not consistent when some evil characters are in the data. How can I solve this?


  • this has been discussed many times before.

    as mentioned 1 post up:
    http://extjs.com/forum/showthread.php?t=11113

    try that.

    [edit]
    and these too:
    http://www.google.com/cse?cx=011693920879787039234%3Az7of1ufqccu&q=xss&sa=Search&cof=FORID%3A0&ie=utf-8&oe=utf-8


  • values in an Ext.data.Record should always be the actual value pulled from / going into the backend database i.e. 'Alabama & test', and not the htmlEncode-ed value used for display i.e. 'Alabama &amp; test'.

    once this is straightened out, all that is needed is to correctly handle html entities when displaying data. in the case of the ComboBox, all you'll need is an Ext.Template like so:
    http://extjs.com/forum/showthread.php?t=11113
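    An added example, not code from this thread or from the Ext library, that models the two approaches argued over above: the display field kept raw in the record and encoded only by the list template, versus data encoded before it reaches the store. The `makeCombo` stand-in, the `x-combo-list-item` markup and the sample records are constructed for illustration.

```javascript
// Added example (not from the forum thread or the Ext library): a stand-in for
// the ComboBox showing why records must hold raw values and encoding belongs
// only where text is turned into HTML (the list template), not in the data.

// Encode the characters that matter when text is placed into HTML markup.
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Minimal ComboBox model: records are [value, display] pairs like
// Ext.exampledata.states. renderList builds the dropdown HTML; setValue returns
// what lands in the text box, whose .value property is never parsed as HTML.
function makeCombo(records, encodeOnRender) {
  const item = (d) => `<div class="x-combo-list-item">${d}</div>`;
  return {
    renderList: () =>
      records.map((r) => item(encodeOnRender ? htmlEncode(r[1]) : r[1])).join(''),
    setValue: (v) => {
      const r = records.find((rec) => rec[0] === v);
      return r ? r[1] : v;
    },
  };
}

// Constructed sample data: raw values as they would be stored in the database,
// one of them containing markup a user typed into a text field.
const rawStates = [
  ['AL', 'Alabama & test'],
  ['AK', '<h1>Alaska</h1>'],
];
// The approach the thread started with: encode before the data reaches the store.
const preEncodedStates = rawStates.map(([k, d]) => [k, htmlEncode(d)]);

// Compare the three configurations; the list HTML and the text-box value differ
// in exactly the way the thread describes.
function demo() {
  const encodeAtRender = makeCombo(rawStates, true);       // recommended
  const encodeInData = makeCombo(preEncodedStates, false); // original bug
  const noEncoding = makeCombo(rawStates, false);          // markup reaches the page
  return {
    goodList: encodeAtRender.renderList(),
    goodText: encodeAtRender.setValue('AL'),   // 'Alabama & test'
    badList: encodeInData.renderList(),        // looks identical to goodList
    badText: encodeInData.setValue('AL'),      // 'Alabama &amp; test'
    unsafeList: noEncoding.renderList(),       // raw <h1> becomes real markup
  };
}
```

    The list looks the same for the first two configurations, which is why the dropdown "looks right" while the selected text does not; only the third one lets record data become live markup.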


  • Time's up. Link spam removed.


  • What should then be shown for ['AL', 'Alabama & test']? & or &amp; ?


  • I was trying to put some &'s in my combos (Ext 1.1 and also Ext svn 876) but I was not able to reproduce it.

    Do you have a link where I could see it?
