combo_auto_box 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. data/lib/combo_auto_box/version.rb +1 -1
  2. data/vendor/assets/javascripts/combo-auto-box.js +14 -3
  3. metadata +2 -2
data/lib/combo_auto_box/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ComboAutoBox
2
- VERSION = '0.0.8'
2
+ VERSION = '0.0.9'
3
3
  end
data/vendor/assets/javascripts/combo-auto-box.js CHANGED
@@ -298,7 +298,7 @@ var ComboAutoBox = {
298
298
  var addItem = function (inputId, selectedId, selectedData) {
299
299
  if (selectedData != '') {
300
300
  var id = generateAnId('item');
301
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'[]" value="'+ selectedId +'"></div>');
301
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'[]" value="'+ selectedId +'"></div>');
302
302
 
303
303
  $('#' + id + ' > span').click(function() {
304
304
  $(this).parent().remove();
@@ -319,7 +319,7 @@ var ComboAutoBox = {
319
319
  fieldCondition = '<input type="hidden" name="q[g]['+ predicate['attribute'] +'][c]['+ ransackId +'][p]" value="'+ predicate['condition'] +'">';
320
320
  fieldValue = '<input type="hidden" name="q[g]['+ predicate['attribute'] +'][c]['+ ransackId +'][v][0][value]" value="'+ getSearchableValue(selectedData) +'">';
321
321
  var id = generateAnId('item');
322
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span>'+ fieldAttribute + fieldCondition + fieldValue +'</div>');
322
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span>'+ fieldAttribute + fieldCondition + fieldValue +'</div>');
323
323
 
324
324
  $('#' + id + ' > span').click(function() {
325
325
  $(this).parent().remove();
@@ -332,7 +332,7 @@ var ComboAutoBox = {
332
332
  var addSearchableItem = function (inputId, selectedId, selectedData) {
333
333
  if (selectedData != '') {
334
334
  var id = generateAnId('item');
335
- $('#' + inputId).before('<div class="item" id="' + id + '">'+ selectedData +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'['+ selectedId +'][]" value="'+ getSearchableValue(selectedData) +'"></div>');
335
+ $('#' + inputId).before('<div class="item" id="' + id + '">'+ htmlSafe(selectedData) +'<span title="Remove Item">x</span><input type="hidden" name="'+ options.html.name +'['+ selectedId +'][]" value="'+ getSearchableValue(selectedData) +'"></div>');
336
336
 
337
337
  $('#' + id + ' > span').click(function() {
338
338
  $(this).parent().remove();
@@ -380,6 +380,17 @@ var ComboAutoBox = {
380
380
  }
381
381
  }
382
382
  }
383
+
384
+ var htmlSafe = function(html) {
385
+ html = html.replace(/\&/, '&amp;');
386
+ html = html.replace(/\</, '&lt;');
387
+ html = html.replace(/\>/, '&gt;');
388
+ html = html.replace(/\"/, '&quot;');
389
+ html = html.replace(/\'/, '&#x27;');
390
+ html = html.replace(/\//, '&#x2F;');
391
+
392
+ return html;
393
+ }
383
394
 
384
395
  // Bind click on div for multiple or searchble
385
396
  var bindContainerClick = function(inputId) {
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: combo_auto_box
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-07-19 00:00:00.000000000 Z
12
+ date: 2013-07-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport