Francesco Posted September 11, 2011 (edited)

How to reproduce

Write <IMG> in the name, category or in a command; it will be interpreted instead of being escaped. Or try adding & in the name of an application and notice how the name is truncated in the grid.

Cause

WPI doesn't do any sort of escaping when adding items to the grids.

Fix

In configwizard.js replace

    NavGrid.addRow(i,[configList[i].ordr,configList[i].cat,configList[i].uid,configList[i].prog]);

with

    NavGrid.addRow(i,[configList[i].ordr,ConvertSpecialCharactersToEntities(configList[i].cat),configList[i].uid,ConvertSpecialCharactersToEntities(configList[i].prog)]);

replace

    ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),Configurations[i]]);

with

    ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),ConvertSpecialCharactersToEntities(Configurations[i])]);

replace

    CommandsGrid.addRow(i,Commands[i]);

with

    CommandsGrid.addRow(i,ConvertSpecialCharactersToEntities(Commands[i]));

replace TWICE

    NavGrid.addRow(cpos,[configList[cpos].ordr,configList[cpos].cat,configList[cpos].uid,configList[cpos].prog]);

with

    NavGrid.addRow(cpos,[configList[cpos].ordr,ConvertSpecialCharactersToEntities(configList[cpos].cat.toString()),configList[cpos].uid,ConvertSpecialCharactersToEntities(configList[cpos].prog)]);

replace

    ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,document.getElementById("NewConfiguration").value]);

with

    ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,ConvertSpecialCharactersToEntities(document.getElementById("NewConfiguration").value)]);

replace

    SortOrderGrid.addRow(i,cats[i]);

with

    SortOrderGrid.addRow(i,ConvertSpecialCharactersToEntities(cats[i]));

replace

    SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),configList[cpos].cat);

with

    SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

    NavGrid.cells(cpos,3).setValue(configList[cpos].prog);

with

    NavGrid.cells(cpos,3).setValue(ConvertSpecialCharactersToEntities(configList[cpos].prog));

replace

    NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

    NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

    NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

    NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

    CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(document.getElementById("cmd1").value);

with

    CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(ConvertSpecialCharactersToEntities(document.getElementById("cmd1").value));

replace

    Commands.splice(Commands.length,0,CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue());

with

    Commands.splice(Commands.length,0,RestoreSpecialCharactersFromEntities(CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue()));

and at the bottom of the file add

    // Escape &, < and > so the grid shows them as text; & goes first.
    function ConvertSpecialCharactersToEntities(text){
        return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
    }

    // Reverse of the above; &amp; is restored last.
    function RestoreSpecialCharactersFromEntities(text){
        return text.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
    }

Edited September 21, 2011 by Francesco
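The escape/restore pair from the fix above, as an added example that is not part of the original post or WPI's code: it shows why `&` has to be escaped first and restored last, and what a wrong restore order does to a command that already contains entity text. The function names and sample values are constructed for illustration.

```javascript
// Added example; names are hypothetical, not WPI's own.
// Escape text for a grid cell that renders its value as HTML element content.
// "&" is replaced first so the "&" of a freshly written "&lt;" is not escaped again.
function escapeForGrid(value) {
  return String(value)              // values such as a category may not be strings
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Undo escapeForGrid when reading a cell back. "&amp;" is restored last.
function restoreFromGrid(text) {
  return String(text)
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// Same replacements in the wrong order, kept only to show the failure mode.
function restoreAmpFirst(text) {
  return String(text)
    .replace(/&amp;/g, '&')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>');
}

// Constructed sample names and commands.
const samples = [
  '<IMG SRC=x>',
  'Tom & Jerry',
  'echo &lt; is an entity',
  'a > b && c < d',
  42
];

// Escape each sample, read it back with the given restore function,
// and report whether the original text survived the round trip.
function checkRoundTrips(restore) {
  return samples.map(function (s) {
    const escaped = escapeForGrid(s);
    return { input: String(s), escaped: escaped, ok: restore(escaped) === String(s) };
  });
}

console.log(checkRoundTrips(restoreFromGrid));
console.log(checkRoundTrips(restoreAmpFirst));
```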

Kelsenellenelvian Posted September 12, 2011

Done