Results 1 to 5 of 5

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    2
    Plugin Contributions
    0

    Default Embedded Javascript inside an EZ-Page

    I discovered what I consider to be a bug in the EZ-Pages HTML editor (it's not a problem when in text-only mode). Basically, I came across the bug after embedding javascript into the text view (ie. text mode) of the HTML editor (ie. the text mode after clicking the Toggle HTML Mode button).

    I've traced the problem down to the following section of code in the zen-cart/editors/htmlarea/htmlarea.js file.

    Lines 1,951-1,961 of htmlarea.js:

    // performs HTML encoding of some given string
    HTMLArea.htmlEncode = function(str) {
    // we don't need regexp for that, but.. so be it for now.
    str = str.replace(/&/ig, "&");
    str = str.replace(/</ig, "&lt;");
    str = str.replace(/>/ig, "&gt;");

    str = str.replace(/\x22/ig, "&quot;");
    // \x22 means '"' -- we use hex reprezentation so that we don't disturb
    // JS compressors (well, at least mine fails.. ;)
    return str;
    };

    That section of code was causing me quite a headache the other day.

    I embedded the following javascript code into the top of one of my EZ-Pages:


    <script type="text/javascript" language="javascript"><!--

    function openWindow(URL, windowName, windowFeatures) {
    newWindow=window.open(URL, windowName, windowFeatures);
    }

    function closeWindow(windowName) {
    newwindow.close(windowName);
    }

    function addWindowFeatures(w, h) {
    var height=h;
    var width=w;
    var toolbar=0;
    var status=0;
    var menubar=0;
    var directories=0;
    var location=0;
    var resizable=0;
    var scrollbars=0;
    var left=(screen.width - width)/2;
    var top=(screen.availHeight - height)/2;
    var features='left=' + left + ',' + 'top=' + top + ',' + 'toolbar=' + toolbar + ',' + 'status=' + status + ',' + 'menubar=' + menubar + ',' + 'directories=' + directories + ',' + 'location=' + location + ',' + 'resizable=' + resizable + ',' + 'scrollbars=' + scrollbars + ',' + 'height=' + height + ',' + 'width=' + width;
    return features;
    }

    //--></script>


    Lines 1954, 1955, and 1956 (the string replace of < > and &) was malforming my javascript. Specifically, as soon as I clicked the toggle HTML Mode button, it would transform the lead in and lead out portions of the javascript, ie. '<!--' and '//-->', into '&lt;!--' and '//--&gt;'. That, of course, broke the javascript portion of the page.

    So, I guess my question is this:

    What effect does commenting out lines 1954, 1955, and 1956 have on the functionality of the HTML editor? I have not noticed any ill effects. I suppose that I won't notice anything unless I try to use the <, >, or & signs as characters on an html page.

    Has anyone else tried this hack?

    // performs HTML encoding of some given string
    HTMLArea.htmlEncode = function(str) {
    // we don't need regexp for that, but.. so be it for now.
    //str = str.replace(/&/ig, "&amp;");
    //str = str.replace(/</ig, "&lt;");
    //str = str.replace(/>/ig, "&gt;");

    str = str.replace(/\x22/ig, "&quot;");
    // \x22 means '"' -- we use hex reprezentation so that we don't disturb
    // JS compressors (well, at least mine fails.. ;)
    return str;
    };

    Thanks!

  2. #2
    Join Date
    Jan 2007
    Posts
    2
    Plugin Contributions
    0

    Default Re: Embedded Javascript inside an EZ-Page

    I forgot to mention the issue with line 1954 of htmlarea.js. If I toggled back and forth between HTML Mode and Text Mode, it would cause the following issue:

    First, because of lines 1955 and 1956, the
    <!--
    and
    //-->

    would get transformed into

    &lt;!--
    and
    //--&gt;

    Then, if I toggled back and forth again, the problem caused by line 1954 kicks in...the

    &lt;!--
    and
    //--&gt;

    would get transformed into

    &amp;lt;!--
    and
    //--&amp;gt;


    Then, if I toggled back and forth again, the

    &amp;lt;!--
    and
    //--&amp;gt;

    would get transformed into

    &amp;amp;lt;!--
    and
    //--&amp;amp;gt;


    Then, if I toggled back and forth again, the

    &amp;amp;lt;!--
    and
    //--&amp;amp;gt;

    would get transformed into

    &amp;amp;amp;lt;!--
    and
    //--&amp;amp;amp;gt;

    and so on.


    So...commenting out those 3 lines is the work-around. That is, as long as you don't need to use the <, >, or & in the html page.

    Cheers!

  3. #3
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Embedded Javascript inside an EZ-Page

    Im not 100% sure, and Dr Bytl will be the one to give the best answer but I think you are supposed to put your java in a special folder.

    and then just refer to it
    Zen cart PCI compliant Hosting

  4. #4
    Join Date
    Nov 2006
    Location
    New York City
    Posts
    248
    Plugin Contributions
    1

    Default Re: Embedded Javascript inside an EZ-Page

    Has anyone figured this out yet? I am in need of putting a link to a JS file in the header of an EZ-Page but do not want to include it site-wide. I've been entirely unable to figure this out through existing forms or anything in the docs folder..

    DrByte? Anyone?


    Thanks in advance-

  5. #5
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Embedded Javascript inside an EZ-Page

    Just follow the override system explained here:
    http://www.zen-cart.com/wiki/index.p...s_-_Javascript

    New file: /includes/modules/pages/page/jscript_my_fun_jscript_code.php

    Code:
    <?php
    if ($ezpage_id == 32) {
    ?>
    // javascript for ezpage 32 goes here
    <?php
    } 
    ?>
    // javascript for all ezpages goes here
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. Can ZC be embedded in an HTML page if I dont have access to MySQL?
    By Christopher Allen in forum General Questions
    Replies: 4
    Last Post: 13 Feb 2013, 09:46 AM
  2. Javascript help with embedded video
    By rottiejoe in forum Templates, Stylesheets, Page Layout
    Replies: 1
    Last Post: 2 Feb 2011, 03:11 AM
  3. How to put Javascript inside PHP?
    By bhensarl in forum Templates, Stylesheets, Page Layout
    Replies: 5
    Last Post: 27 Feb 2010, 07:07 AM
  4. PHP and Javascript embedded within
    By Donn in forum General Questions
    Replies: 3
    Last Post: 6 Feb 2009, 01:20 AM
  5. Replies: 7
    Last Post: 24 Nov 2007, 05:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg