Feature Proposal: ENCODE macro should have a mode for outputting JavaScript string constants

Motivation

The main potential user of this change is JQueryPlugin which currently has an issue that would be hard to fix without this.

Copying the explanation from Tasks.Item12179:

JQueryPlugin::FOSWIKI is responsible for making preference values available to various JavaScript functions. It does this by inserting a JSON definition into the page. Unfortunately, the current escaping mechanism for the strings is insufficient.

• Currently, the only that gets escaped is double quote characters (it does this by outputting %ENCODE{"[pref here]" type="quote"}%).
• We need to doublify backslashes at the very least (i.e. \ → \\, and also encode basic HTML characters (<>&) as entities in order to pass XHTML validation.

This is fairly tricky because, according to GeorgeClark, we can't properly expand the contents of the preferences this early in the code, so we do have to let the normal Render take care of the escaping. There is no ENCODE mode that will doublify backslashes, though.

The impact is that webtopiccreator.js will fail to fix the topic field if non-WikiWords are allowed.

Therefore, please consider fast-tracking this feature request or exempting it from the feature freezes for 1.1.6 and 1.2.0.

Description and Documentation

Implementing this would add a new valid option json for the macro parameter type. It would be designed for encoding a string so it can be used within a JavaScript string constant within a page.

Encoding details:

• Replace each backslash (\) in the input with two backslashes (\\). Ideally also replace all other special characters that might interfere with JavaScript, particularly newlines.
• Then, encode the basic special characters in HTML, namely <>&", as HTML entities (<, >, & and ").

Examples

Code	Result
"%ENCODE{"[\s*"'&;<>]" type="json"}%"	"[\\s*\"'&;<>]"

Impact

WhatDoesItAffect:

%WHATDOESITAFFECT%

edit

Implementation

-- Contributors: JanKrueger - 22 Oct 2012

Discussion

In regards to json output in Foswiki we struggle often, after we manage macros to expand early, with expanded short hand containing double quotes like email addresses and links. As short hand expands after macros, ENCODE is of no help and NOAUTOLINK doesn't do the trick either .

Of course, there are ways around, simply drop all shorthand with LITERAL. But I would love to see alike LITERAL a tag <JSON> or <ENCODE> that escapes after all expansions are done. This would make live much easier.

-- AndreLichtsteiner - 22 Oct 2012

1. I feel that encoding special XML chars into HTML entities is a bit overkill. Can't we use a CDATA section to pass validation?

2. I suspect your only example actually needs to be written with the \ escaped, as it is itself an escape character in Foswiki TML inside of double-quotes (isn't it?). Or, does the macro parser only unescape the \" sequence... Hrm. At first glance Foswiki::Attrs seems to try to interpret all backslash escapes, not just \". So perhaps the example should be written:

"%ENCODE{"[\\s*\"'&;<>]" type="json"}%"

-- PaulHarvey - 23 Oct 2012

Andre: interesting idea.

Paul:

1. yes, I suppose. Though we'll have to do the usual commented-out-CDATA hack since we're not actually making user agents interpret our XHTML as XHTML...

2. I'm really not sure what gets escaped. Last time I nested macros one level deeper, I had to write quotes at the innermost level as \\" rather than \\\", so the whole thing seems somewhat illogical in any case...

PS. I added another missing backslash to the example, though.

-- JanKrueger - 24 Oct 2012

Commenting is disabled while not logged in