NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Gordon Holfelder on February 14, 2011, 08:59:34 AM
-
Hi Bruce-
I have a stored procedure that validates the password for our application. The return from the procedure indicates the type of error that was encountered. This is then assigned to loc:Alert to display the error back to the user. There appears to be a couple of problems with this:
- Any special characters are escaped and displayed in the message box
- A quote or a cr/lf in the message prematurely ends the message (and leaves a hanging error in the browser)
- If the error is to long, it is difficult to read in the browser (jquery problem?)
See the attached screen shot. ntws 5.15 c74.7900
Thanks,
Gordon
[attachment deleted by admin]
-
Gordon,
I'll make my list of special characters shorter if I were you, exlude quotes and &'s for one, maybe some more.
Btw, the message box in Clarion is also limited as to size.
Cheers
Charl
-
Noted Gordon - I'll check into it.
cheers
Bruce
-
Hi Bruce-
Thanks for looking at this.
The point is that the processing for the message on the page has to be different than the what is sent to the Java Script. In the generated code:
p_web.Script('alert('''&clip(loc:alert)&''');')
has the potential for generating bad code. The loc:alert is being used by us lowly programmers and in my case, I can't even guarantee what the contents of the message will contain. We have places in our system where we allow the user to define the error that is to be displayed.
As far as limiting special characters are concerned, advice noted. But what about <>? They have the same problem and I can envision using those in messages.
Regards,
Gordon
-
Clearly, it should handle any characters.
Cheers
Bruce
-
fixed in 5.16
-
Thanks!