From 6dc291f9cccab434e9bdce0cf179b51184ef749e Mon Sep 17 00:00:00 2001
From: Mark Clements
Date: Mon, 5 Mar 2018 14:27:23 +0000
Subject: [PATCH 1/2] Fixed an issue in escapeXML() whereby if the supplied value is undefined, a JavaScript error was thrown. I have implemented the fix in a generic fashion, i.e. it will now behave correctly for any non-string value that doesn't implement a toString() method (not just undefined values). If toString() is available, then this will be used to convert the value to a string prior to performing the necessary replacements, otherwise we catch the resulting JavaScript error and return an empty string. This works around an IE8 issue, whereby node.node.className.baseVal is not defined, resulting in a 'class' attribute set to undefined. I have logged the underlying issue as issue #53, but this fix means that we should no longer generate a JavaScript error when this situation occurs.
---
 raphael.export.js | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/raphael.export.js b/raphael.export.js
index 5d87008..fd4e4e5 100644
--- a/raphael.export.js
+++ b/raphael.export.js
@@ -15,13 +15,29 @@
 function escapeXML(s) {
 if ( typeof s === 'number' ) return s.toString();
- var replace = { '<': 'lt', '>': 'gt', '"': 'quot', '\'': 'apos' };
+ // We wrap the check in a try/catch block. If an error occurs then the
+ // function was passed a non-string value or a value that otherwise
+ // couldn't be converted to a string. In this case, a JavaScript error
+ // will be thrown, and our catch block will return an empty string.
+ try {
+ var replace = { '<': 'lt', '>': 'gt', '"': 'quot', '\'': 'apos' };
+
+ // Ensure s is a string, by converting it using toString(), if possible.
+ // If this method doesn't exist, then an error will be thrown and our
+ // catch block will return an empty string.
+ // Note that (perhaps, surprisingly) string values have a toString()
+ // function, so we don't need to check the type before calling.
+ s = s.toString();
+
+ for ( var entity in replace ) {
+ s = s.replace(new RegExp(entity, 'g'), '&' + replace[entity] + ';');
+ }
- for ( var entity in replace ) {
- s = s.replace(new RegExp(entity, 'g'), '&' + replace[entity] + ';');
- }
+ return s;
- return s;
+ } catch ( e ) {
+ return "";
+ }
 }
 /**
From bcddef195abd5ca8c0251b44dcd374783c8eeaea Mon Sep 17 00:00:00 2001
From: Mark Clements
Date: Wed, 7 Mar 2018 12:14:58 +0000
Subject: [PATCH 2/2] I've updated escapeXML() so that it properly escapes ampersands. Previously, this had been left out, meaning that invalid SVG markup would be generated for properties that contain "&", most commonly in URLs. This will hopefully fixes issue #46.
---
 raphael.export.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/raphael.export.js b/raphael.export.js
index fd4e4e5..3f9177f 100644
--- a/raphael.export.js
+++ b/raphael.export.js
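Review bot: The `try`/`catch` added in the first hunk wraps the whole body of escapeXML(), so every failure is turned into an empty string, not only the `undefined` case the commit message describes. A missing attribute value is then emitted silently as an empty attribute, and any later mistake in the replacement loop would be hidden the same way. An explicit guard keeps the intent visible and leaves the escaping path unwrapped: `if ( s === undefined || s === null ) return '';` followed by `s = String(s);`. With that guard the `typeof s === 'number'` early return above it becomes redundant. The comment on the function should also state that null and undefined yield an empty string.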
@@ -20,7 +20,7 @@
 // couldn't be converted to a string. In this case, a JavaScript error
 // will be thrown, and our catch block will return an empty string.
 try {
- var replace = { '<': 'lt', '>': 'gt', '"': 'quot', '\'': 'apos' };
+ var replace = { '&': 'amp', '<': 'lt', '>': 'gt', '"': 'quot', '\'': 'apos' };
 // Ensure s is a string, by converting it using toString(), if possible.
 // If this method doesn't exist, then an error will be thrown and our
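Review bot: Putting `'&'` first in the `replace` literal makes the escaping correct only if the `for ... in` loop visits `'&'` before the other keys; that loop is outside this hunk, further down in escapeXML(), whose body starts and ends outside the hunk. If `'&'` were visited later, the `&` of an already inserted `&lt;` or `&quot;` would be escaped again and come out as `&amp;lt;`. ES5 does not specify `for ... in` enumeration order, and the previous commit names IE8 as a target, so the ordering should not be left implicit. A single pass removes the dependency: `s = s.replace(/[&<>"']/g, function ( c ) { return '&' + replace[c] + ';'; });`. Failing that, a comment on the literal should say that `'&'` must stay the first key.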