combo_auto_box 0.0.8 → 0.0.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. data/lib/combo_auto_box/version.rb +1 -1
  2. data/vendor/assets/javascripts/combo-auto-box.js +14 -3
  3. metadata +2 -2
data/lib/combo_auto_box/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ComboAutoBox
2
- VERSION = '0.0.8'
2
+ VERSION = '0.0.9'
3
3
  end
data/vendor/assets/javascripts/combo-auto-box.js CHANGED
@@ -298,7 +298,7 @@ var ComboAutoBox = {
298
298
  var addItem = function (inputId, selectedId, selectedData) {
299
299
  if (selectedData != '') {
300
300
  var id = generateAnId('item');
301
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'[]" value="'+ selectedId +'"></div>');
301
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'[]" value="'+ selectedId +'"></div>');
302
302
 
303
303
  $('#' + id + ' > span').click(function() {
304
304
  $(this).parent().remove();
@@ -319,7 +319,7 @@ var ComboAutoBox = {
319
319
  fieldCondition = '<input type="hidden" name="q[g]['+ predicate['attribute'] +'][c]['+ ransackId +'][p]" value="'+ predicate['condition'] +'">';
320
320
  fieldValue = '<input type="hidden" name="q[g]['+ predicate['attribute'] +'][c]['+ ransackId +'][v][0][value]" value="'+ getSearchableValue(selectedData) +'">';
321
321
  var id = generateAnId('item');
322
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span>'+ fieldAttribute + fieldCondition + fieldValue +'</div>');
322
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span>'+ fieldAttribute + fieldCondition + fieldValue +'</div>');
323
323
 
324
324
  $('#' + id + ' > span').click(function() {
325
325
  $(this).parent().remove();
@@ -332,7 +332,7 @@ var ComboAutoBox = {
332
332
  var addSearchableItem = function (inputId, selectedId, selectedData) {
333
333
  if (selectedData != '') {
334
334
  var id = generateAnId('item');
335
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'['+ selectedId +'][]" value="'+ getSearchableValue(selectedData) +'"></div>');
335
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'['+ selectedId +'][]" value="'+ getSearchableValue(selectedData) +'"></div>');
336
336
 
337
337
  $('#' + id + ' > span').click(function() {
338
338
  $(this).parent().remove();
@@ -380,6 +380,17 @@ var ComboAutoBox = {
380
380
  }
381
381
  }
382
382
  }
383
+
384
+ var htmlSafe = function(html) {
385
+ html = html.replace(/\&/, '&amp;');
386
+ html = html.replace(/\</, '&lt;');
387
+ html = html.replace(/\>/, '&gt;');
388
+ html = html.replace(/\"/, '&quot;');
389
+ html = html.replace(/\'/, '&#x27;');
390
+ html = html.replace(/\//, '&#x2F;');
391
+
392
+ return html;
393
+ }
383
394
 
384
395
  // Bind click on div for multiple or searchble
385
396
  var bindContainerClick = function(inputId) {
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: combo_auto_box
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-07-19 00:00:00.000000000 Z
12
+ date: 2013-07-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport