From 6f19675c526f2df31a676dcc22676554f2959e1b Mon Sep 17 00:00:00 2001 From: Jack Lukic Date: Mon, 20 Feb 2017 22:41:35 -0500 Subject: [PATCH] #4163 #4164 More general fix that properly escapes string values for selectors --- src/definitions/behaviors/form.js | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/definitions/behaviors/form.js b/src/definitions/behaviors/form.js index d83864038..be15385f6 100644 --- a/src/definitions/behaviors/form.js +++ b/src/definitions/behaviors/form.js @@ -263,12 +263,6 @@ $.fn.form = function(parameters) { } }); return allValid; - }, - validHTMLID(value) { - if(typeof value !== 'string') { - return false; - } - return value.search(regExp.htmlID) !== -1; } }, @@ -485,7 +479,8 @@ $.fn.form = function(parameters) { }, field: function(identifier) { module.verbose('Finding field with identifier', identifier); - if(module.is.validHTMLID(identifier) && $field.filter('#' + identifier).length > 0 ) { + identifier = module.escape.string(identifier); + if($field.filter('#' + identifier).length > 0 ) { return $field.filter('#' + identifier); } else if( $field.filter('[name="' + identifier +'"]').length > 0 ) { @@ -600,10 +595,11 @@ $.fn.form = function(parameters) { field: function(identifier) { module.verbose('Checking for existence of a field with identifier', identifier); + identifier = module.escape.regExp(identifier); if(typeof identifier !== 'string') { module.error(error.identifier, identifier); } - if(module.is.validHTMLID(identifier) && $field.filter('#' + identifier).length > 0 ) { + if($field.filter('#' + identifier).length > 0 ) { return true; } else if( $field.filter('[name="' + identifier +'"]').length > 0 ) { @@ -617,6 +613,13 @@ $.fn.form = function(parameters) { }, + escape: { + string: function(text) { + text = String(text); + return text.replace(regExp.escape, '\\$&'); + } + }, + add: { prompt: function(identifier, errors) { var