Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.

Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2026-05-19 19:09:13 -04:00 · 2009-08-30 15:21:02 -07:00
parent b5813f92c7
commit beb711d6a0
5 changed files with 14 additions and 22 deletions
--- a/modules/gallery/libraries/SafeString.php
+++ b/modules/gallery/libraries/SafeString.php
@@ -92,17 +92,17 @@ class SafeString_Core {
  }

  /**
-   * Safe for use in JavaScript.
+   * Safe for use as JavaScript string.
   *
   * Example:<pre>
   *   <script type="text/javascript>"
-   *     var some_js_var = "<?= $php_var->for_js() ?>";
+   *     var some_js_var = <?= $php_var->for_js() ?>;
   *   </script>
   * </pre>
   * @return the string escaped for use in JavaScript.
   */
  function for_js() {
-    return self::_escape_for_js($this->_raw_string);
+    return json_encode((string) $this->_raw_string);
  }

  /**
@@ -152,14 +152,6 @@ class SafeString_Core {
    return html::specialchars($dirty_html);
  }

-  // Escapes special chars (quotes, backslash, etc.) with a backslash sequence.
-  private static function _escape_for_js($string) {
-    // From Smarty plugins/modifier.escape.php
-    // Might want to be stricter here.
-    return strtr($string,
-		 array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
-  }
-
  // Purifies the string, removing any potentially malicious or unsafe HTML / JavaScript.
  private static function _purify_for_html($dirty_html) {
    if (empty(self::$_purifier)) {