tappatappa Posted July 8, 2016
I need the unidbgrid to show every character (including <, >, &). Instead I see that those characters are interpreted as HTML. I have the same issue with form titles. This is also a security issue!
Sherzod Posted July 8, 2016
> I need the unidbgrid to show every character (including <, >, &). Instead I see that those characters are interpreted as HTML. I have the same issue with form titles. This is also a security issue!
Hi, I'm sorry, can you clarify your issue? When does that happen? Can you make a small test case for your issue? I cannot reproduce it.
Best regards.
tappatappa Posted July 8, 2016
Sure. I adapted a small project I had. It is only dependent on VirtualTable by Devart ODAC, which is a free component. I am pretty confident it also works with other in-memory datasets. Just launch the application and look at the first row. It is supposed to contain the text "aaaa<p>a</p>"; instead it is rendered as "aaaa a ". Of course you can enter any HTML you want: links, maybe even JS code!
tappatappa Posted July 8, 2016
Sorry, I didn't attach the file.
TestMultiSelect.zip
Sherzod Posted July 8, 2016
Thanks for the test case, but unfortunately I was not able to run it. If I understand you correctly, you want to display HTML as text?
tappatappa Posted July 8, 2016
I need a way to configure a grid in order to display HTML (or any special character) and not interpret it. Same thing for form titles. Other DB components are safe (uniDBEdit and labels, for instance). I will upload another project by Monday.
Sherzod Posted July 8, 2016
For now, can you try this approach? For example, for uniDBGrid:

    function reconfigure(sender, store, columns, oldStore, oldColumns, eOpts) {
        // 1 - your colIndx
        columns[1].renderer = function(val) {
            // encode the cell value so it is shown as text, not parsed as HTML
            return Ext.util.Format.htmlEncode(val);
        };
    }
tappatappa Posted July 8, 2016
I need to do it for every column, of every grid in my project. Is it possible to do it in an Extevent on the grid?
Sherzod Posted July 8, 2016
> I need to do it for every column, of every grid in my project. Is it possible to do it in an Extevent on the grid?
yes
Sherzod Posted July 8, 2016
UniDBGrid->ClientEvents->ExtEvents->...

    function reconfigure(sender, store, columns, oldStore, oldColumns, eOpts) {
        columns.forEach(function(col) {
            col.renderer = function(val) {
                return Ext.util.Format.htmlEncode(val);
            };
        });
    }
tappatappa Posted July 11, 2016
I have tested your code and it works! Thanks! Here you can find the updated project. I removed any dependency on external libraries (I hope).
TestMultiSelect.zip
tappatappa Posted July 11, 2016
Unfortunately this introduces a problem. OnDrawColumnCell doesn't work anymore. In the project above:

    void __fastcall TMainForm::GridSrcDrawColumnCell(TObject *Sender, int ACol, int ARow,
        TUniDBGridColumn *Column, TUniCellAttribs *Attribs)
    {
        Attribs->Color = clRed;
    }

This is supposed to turn all the cells' background red. It works only if you disable the reconfigure ExtEvent. I need both to work simultaneously.
tappatappa Posted July 11, 2016
I had a look at ext-unigui-min.js. Maybe something like this?

    function reconfigure(sender, store, columns, oldStore, the, eOpts) {
        columns.forEach(function(col) {
            col.renderer = function(k, a, d, i, m, l, j) {
                // encode the value first, then hand it to the cell renderer from ext-unigui-min.js
                return _rndcll_(Ext.util.Format.htmlEncode(k), a, d, i, m, l, j);
            };
        });
    }
tappatappa Posted July 12, 2016
Should this whole topic be moved under "Active Reports"? By the way, the workaround above seems to work. I would appreciate it if, in a future version of the library, grids had a flag "escape HTML" (true by default).
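Added example (not code from the thread or from uniGUI): the renderer-wrapping idea from the posts above, generalised so that each column keeps whatever renderer it already had and a repeated `reconfigure` does not encode twice. `htmlEncode` is a stand-in for `Ext.util.Format.htmlEncode` so the block runs without Ext JS; `encodeColumnRenderers`, `demo` and the `encodesHtml` marker are hypothetical names.

```javascript
// Stand-in for Ext.util.Format.htmlEncode (assumption: same five characters).
function htmlEncode(value) {
  if (value === null || value === undefined) return "";
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Wrap every column renderer: the raw cell value is encoded first, then the
// column's previous renderer (if any) adds its own trusted markup around it.
function encodeColumnRenderers(columns) {
  columns.forEach(function (col) {
    // Skip columns wrapped by an earlier call, otherwise "&" becomes "&amp;amp;".
    if (col.renderer && col.renderer.encodesHtml) return;
    var previous = col.renderer;
    var wrapped = function (value) {
      var rest = Array.prototype.slice.call(arguments, 1);
      var safe = htmlEncode(value);
      return previous ? previous.apply(this, [safe].concat(rest)) : safe;
    };
    wrapped.encodesHtml = true; // hypothetical marker property
    col.renderer = wrapped;
  });
  return columns;
}

// Constructed sample: one plain column, one whose renderer styles the cell.
function demo() {
  var columns = [
    { dataIndex: "name" },
    { dataIndex: "note", renderer: function (v, meta) {
        return '<span style="background:' + meta.color + '">' + v + "</span>";
    } }
  ];
  encodeColumnRenderers(columns);
  encodeColumnRenderers(columns); // simulates a second reconfigure event
  return [
    columns[0].renderer("aaaa<p>a</p>"),
    columns[1].renderer("a & <b>", { color: "red" })
  ];
}
```

Encoding the value before the styling renderer runs, rather than encoding that renderer's output, is what keeps cell colouring working while the data itself is shown as text.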
tappatappa Posted July 12, 2016
As for the form title, I am pretty lost: I was unable to change the behaviour of the JS Window object, and since TUniForm::GetCaption is NOT virtual I can't find a clean way to change its behaviour, either.

    class PASCALIMPLEMENTATION TUniBaseForm : public TUniBaseIntermForm
    {
        //...................
        System::UnicodeString __fastcall GetCaption(void);
        virtual void __fastcall SetCaption(System::UnicodeString Value);
    };

My form:

    class TMyForm : public TUniForm
    {
    private:
        UnicodeString _unescaped_caption;
    protected:
        UnicodeString __fastcall GetCaption(void); //NO!
        virtual void __fastcall SetCaption(UnicodeString Value); //OK since it is virtual
    public: // User declarations
        __fastcall TMyForm(TComponent* Owner);
    };
    // ---------------------------------------------------------------------------
    __fastcall TMyForm::TMyForm(TComponent * Owner)
        : TUniForm(Owner), _unescaped_caption(Caption)
    {
    }
    // ---------------------------------------------------------------------------
    UnicodeString __fastcall TMyForm::GetCaption(void)
    {
        return _unescaped_caption; //this is never called!
    }
    // ---------------------------------------------------------------------------
    void __fastcall TMyForm::SetCaption(UnicodeString Value)
    {
        _unescaped_caption = Value;
        TUniForm::SetCaption(html_escape(Value));
    }

As a result, if I execute this:

    TMyForm* AForm = MyForm();
    AForm->Caption = AForm->Caption;

the caption gets escaped twice!