1. #1
    Ext JS Premium Member
    Join Date
    Jul 2009
    Posts
    239
    Vote Rating
    2
    stephen.friedrich will become famous soon enough

      0  

    Default Unanswered: jQuery: $('#message').text("Howdy"); ?

    Unanswered: jQuery: $('#message').text("Howdy"); ?


    Isn't there an easy way to quickly create a single text node children of a matched element (removing any other child elements before)?

  2. #2
    Sencha - Ext JS Dev Team Animal's Avatar
    Join Date
    Mar 2007
    Location
    Notts/Redwood City
    Posts
    30,483
    Answers
    13
    Vote Rating
    35
    Animal has a spectacular aura about Animal has a spectacular aura about

      0  

    Default


    Code:
    Ext.get("message").update("howdy");

  3. #3
    Ext JS Premium Member
    Join Date
    Jul 2009
    Posts
    239
    Vote Rating
    2
    stephen.friedrich will become famous soon enough

      0  

    Default


    Thanks, indeed I missed that.
    However isn't Element.update() a potential attack vector for XSS?

    jQuery's text() function is much safer as it will only ever create a text node.

  4. #4
    Sencha - Ext JS Dev Team Animal's Avatar
    Join Date
    Mar 2007
    Location
    Notts/Redwood City
    Posts
    30,483
    Answers
    13
    Vote Rating
    35
    Animal has a spectacular aura about Animal has a spectacular aura about

      0  

    Default


    Well!

    Code:
    Ext.override(Ext.Element, {
        text: function(t) {
            this.dom.innerHTML = '';
            this.dom.appendChild(document.createTextNode(t));
        }
    });
    Then

    Code:
    Ext.get("message").text("howdy");

  5. #5
    Ext User
    Join Date
    Oct 2009
    Location
    California
    Posts
    7
    Vote Rating
    0
    eTiger13 is on a distinguished road

      0  

    Default


    seems like a lot of things that should be in core have to be added in via the override. Kind of defeats have the core if its size is doubled just to bring in some basic stuff.

    Animal, can't you just combine all the overrides you have posted in here and submit it to be added in a future release?

  6. #6
    Sencha User
    Join Date
    Mar 2007
    Location
    Haarlem, Netherlands
    Posts
    1,243
    Answers
    28
    Vote Rating
    7
    TommyMaintz will become famous soon enough

      0  

    Default


    The purpose of update() is to just to prevent having to use dom.innerHTML.

    The argument that it would cause XSS vulnerabilities is non-valid since you have to prevent XSS attacks on the serverside by making sure the data is safe before you even send it back to the clientside. Trying to do security on the client-side is a lost cause. It means your already too late into the game to try and do anything seriously helpful.

    Anyway, we will internally discuss if we should put the .text() method in. Its not too many bytes, and if it would help a lot of people then its definitely worth it. I've done many coding with Ext Core though, and I had never ever had a need for it. Really because you can use update() for both text and HTML!

  7. #7
    Sencha - Ext JS Dev Team Animal's Avatar
    Join Date
    Mar 2007
    Location
    Notts/Redwood City
    Posts
    30,483
    Answers
    13
    Vote Rating
    35
    Animal has a spectacular aura about Animal has a spectacular aura about

      0  

    Default


    Quote Originally Posted by eTiger13 View Post
    seems like a lot of things that should be in core have to be added in via the override. Kind of defeats have the core if its size is doubled just to bring in some basic stuff.

    Animal, can't you just combine all the overrides you have posted in here and submit it to be added in a future release?
    There's a block of thing's I've added here: http://www.extjs.com/forum/showthrea...062#post395062

  8. #8
    Ext User
    Join Date
    Oct 2009
    Location
    California
    Posts
    7
    Vote Rating
    0
    eTiger13 is on a distinguished road

      0  

    Default


    Quote Originally Posted by TommyMaintz View Post
    The purpose of update() is to just to prevent having to use dom.innerHTML.

    The argument that it would cause XSS vulnerabilities is non-valid since you have to prevent XSS attacks on the serverside by making sure the data is safe before you even send it back to the clientside. Trying to do security on the client-side is a lost cause. It means your already too late into the game to try and do anything seriously helpful.

    Anyway, we will internally discuss if we should put the .text() method in. Its not too many bytes, and if it would help a lot of people then its definitely worth it. I've done many coding with Ext Core though, and I had never ever had a need for it. Really because you can use update() for both text and HTML!
    Does update() both get the text and set it? Does it work on input fields?

    I just did a quick search to try and find the docs for update() but either I don't know where to look or its not easy to find. Where would I go to find that? API search didn't work, Google didn't work unless its buried.

  9. #9
    Sencha - Ext JS Dev Team Animal's Avatar
    Join Date
    Mar 2007
    Location
    Notts/Redwood City
    Posts
    30,483
    Answers
    13
    Vote Rating
    35
    Animal has a spectacular aura about Animal has a spectacular aura about

      0  

    Default


    You can't find it because it's not there.

    I just linked to a post where I showed you how to ADD it.

film izle

hd film izle

film sitesi

takipci kazanma sitesi

takipci kazanma sitesi

güzel olan herşey

takipci alma sitesi

komik eğlenceli videolar