Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • montana 42 posts 63 karma points
    Feb 03, 2011 @ 23:48
    montana
    0

    Glitch with openContent call javascript call in BaseContentTree.cs line 185 or so...

    Umbraco 4.5

    BaseContentTree.cs

    the SetActionAttribute method is running HTMLEscape on the dd.Text value [page title in this case], in short the Replace function fails to escape single quotes on the Title in question, leading to javascript errors on selection.

    [error occurs when selecting a page from the Tree for use as a link in the tinymce RTE.

    To recreate: create a content node with a title of "Can't Select this", then in the content editor try to add a hyperlink to that location]

    the short fix is to move the HTMLEncode call to the end of the assignment - I've rewritten it according to my style in the version I'm working on...

     

            protected void SetActionAttribute(ref XmlTreeNode treeElement, Document dd) {
                string nodeText = "";
                string nodeLink = "";
                string niceUrl = "";
                // Check for dialog behaviour
                if (this.DialogMode == TreeDialogModes.fulllink) {
                    nodeLink = CreateNodeLink(dd);
                } else if (this.DialogMode == TreeDialogModes.locallink) {
                    nodeLink = string.Format("{{localLink:{0}}}", dd.Id);
                    // try to make a niceurl too
                    niceUrl = corespin.library.NiceUrl(dd.Id);
                    nodeText = dd.Text;
                    nodeText = nodeText.Replace("'", "\\'");
                    nodeText = HttpContext.Current.Server.HtmlEncode(nodeText);
                    if (niceUrl != "#" || niceUrl != "") {
                        nodeLink += "|" + niceUrl + "|" + nodeText;
                    } else {
                        nodeLink += "||" + nodeText;
                    }
                } else if (this.DialogMode == TreeDialogModes.id || this.DialogMode == TreeDialogModes.none) {
                    nodeLink = dd.Id.ToString();
                } else if (!this.IsDialog || (this.DialogMode == TreeDialogModes.id)) {
                    if (CurrentUser.GetPermissions(dd.Path).Contains(ActionUpdate.Instance.Letter.ToString())) {
                        treeElement.Action = String.Format("javascript:openContent('{0}');", dd.Id);
                        return;
                    }
                }
                nodeLink = nodeLink.Replace("'", "\\'");
                treeElement.Action = String.Format("javascript:openContent('{0}');", nodeLink);
            }
    
    

    but the simple fix is just this block:

     

                    nodeText = dd.Text;
                    nodeText = nodeText.Replace("'", "\\'"); //run this first then HtmlEncode or HtmlEncode rewrites the string and muxxes the mix
                    nodeText = HttpContext.Current.Server.HtmlEncode(nodeText);
                    if (niceUrl != "#" || niceUrl != "") {
                        nodeLink += "|" + niceUrl + "|" + nodeText;
                    } else {
                        nodeLink += "||" + nodeText;
                    }
    
    
Please Sign in or register to post replies

Write your reply to:

Draft