Added sanitization of id names

This is a fix for https://openedx.atlassian.net/browse/TNL-394 escaped all escapable characters in id name strings.

Added sanitization of id names
This is a fix for https://openedx.atlassian.net/browse/TNL-394 escaped all escapable characters in id name strings.
3ec3cf64 · vkaracic · f9cb0924 · 3ec3cf64 · 3ec3cf64
Commit 3ec3cf64 authored Jul 06, 2015 by vkaracic
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletions

lms/static/js/spec/staff_debug_actions_spec.js
+6 -0

lms/static/js/staff_debug_actions.js
+7 -1

No files found.
--- a/lms/static/js/spec/staff_debug_actions_spec.js
+++ b/lms/static/js/spec/staff_debug_actions_spec.js
@@ -14,6 +14,12 @@ define(['backbone', 'jquery', 'js/staff_debug_actions'],
                });
            });

+            describe('sanitize_string', function () {
+                it('escapes escapable characters in a string', function () {
+                    expect(StaffDebug.sanitized_string('.*+?^:${}()|][')).toBe('\\.\\*\\+\\?\\^\\:\\$\\{\\}\\(\\)\\|\\]\\[');
+                });
+            });
+
            describe('get_user', function () {

                it('gets the placeholder username if input field is empty', function () {

--- a/lms/static/js/staff_debug_actions.js
+++ b/lms/static/js/staff_debug_actions.js
@@ -11,7 +11,12 @@ var StaffDebug = (function(){
    return url;
  }

+  sanitized_string = function(string) {
+    return string.replace(/[.*+?^:${}()|[\]\\]/g, "\\$&");
+  }
+
  get_user = function(locname){
+    locname = sanitized_string(locname);
    var uname = $('#sd_fu_' + locname).val();
    if (uname==""){
        uname =  $('#sd_fu_' + locname).attr('placeholder');
@@ -108,7 +113,8 @@ var StaffDebug = (function(){
      do_idash_action: do_idash_action,
      get_current_url: get_current_url,
      get_url: get_url,
-      get_user: get_user
+      get_user: get_user,
+      sanitized_string:sanitized_string
  }
 })();