/************************************************************************************************************************** Author - Arvind Singh Rawat Creation Date - 10 July 2010 Desc - Files contains the funciton required for the display comment module *************************************************************************************************************************/ var isIE7 = false; var isIE = false; if(navigator.appName.indexOf("Internet Explorer")){ isIE = true; if(navigator.appVersion.indexOf("MSIE 7.0") != -1){ isIE7 = true; } } if(typeof String.prototype.trim !== 'function') { String.prototype.trim = function() { return this.replace(/^\s+|\s+$/g, ''); } } function isSpecialChar(val){ var data = val; var iChars = "!@#$%^&*()+=-[]\\\';,./{}|\":<>?~_"; var flag = 1; for (var i = 0; i < data.length; i++) { if (iChars.indexOf(data.charAt(i)) != -1) { flag = 0; //alert ("Your string has special characters. \nThese are not allowed."); } } return flag; } function trim(str) { return str.replace(/^\s*|\s*$/g,""); } /*************************Function called on the click of reply button of comment and get the updated data thorugh Ajax***************************/ function callReply(url,comment_id,userid,blackwhiteliststatus,pageno,trusted,type) { document.getElementById('error_Summary_'+comment_id).style.display='none'; document.getElementById('error_comment_'+comment_id).style.display='none'; if(blackwhiteliststatus=='BlackListed') { //sm('popData', 300, 100,'You status is marked as Blacklisted.So you can\'t reply to any comment'); //alert("You status is marked as Blacklisted.So you can't reply to any comment"); document.getElementById('notificationdiv').innerHTML='

Your status is marked as blacklisted. So you can\'t reply to any comment

'; //$('#notificationatten').focus(); $('#notificationdiv').fadeIn(1000, function () { }); /*$('#notificationdiv').fadeOut(4000, function () { });*/ return false; } //alert(userid);return false; if(userid=='0') { //alert("Please Login First"); areaid='message_area_'+comment_id; document.getElementById('response_'+comment_id).style.display='none'; document.getElementById(areaid).innerHTML="

Please login first

"; return false; } var Name=document.getElementById('Name_'+comment_id).value; var Summary=trim(document.getElementById('Summary_'+comment_id).value); var comment=trim(document.getElementById('comment_'+comment_id).value); if(comment=='') { //alert("Please enter Summary"); //return false; document.getElementById('error_comment_'+comment_id).style.display='block'; /*$('#error_comment_'+comment_id).fadeOut(4000,function(){})*/ return false; } if(Summary=='') { //alert("Please enter Comment"); document.getElementById('error_Summary_'+comment_id).style.display='block'; /*$('#error_Summary_'+comment_id).fadeOut(4000,function(){})*/ return false; } var Summary=addslashes(Summary); var Email=document.getElementById('Email_'+comment_id).value; var Notify=document.getElementById('Notify_'+comment_id).value; var Anonymous=document.getElementById('Anonymous_'+comment_id).value; var comments=addslashes(document.getElementById('comments_'+comment_id).value); var commentid=document.getElementById('commentid_'+comment_id).value; Encoder.EncodeType = "entity"; comment=Encoder.htmlEncode(comment); Summary=Encoder.htmlEncode(Summary); var timestamp= new Date().getTime(); url=url+'&ajaxx=1&task_comment=reply&Name='+Name+'&Email='+Email+'&Notify='+Notify+'&Anonymous='+Notify+'&commentid='+commentid+'&page='+pageno+'&blackwhiteliststatus='+blackwhiteliststatus+'×tamp='+timestamp; //alert(comment); $("#disp_comments").empty().html('

'); //getRequest(url,'main_call_page',''); $.post(url, { Comment: Summary, summary : comment }, function(data){ $("#disp_comments").empty().html(data); }); if(trusted==1 || blackwhiteliststatus=='WhiteListed') { updateNotification("notificationdiv", "Thank you for replying to a comment on the EHI website. Unless you are a trusted poster, your comment will now be reviewed by a member of the editorial team. Please bear with us. We will endeavour to post it promptly."); $('#notificationdiv').fadeIn(1000, function () { }); } else { updateNotification("notificationdiv", "Thank you for replying to a comment on the EHI website. Unless you are a trusted poster, your comment will now be reviewed by a member of the editorial team. Please bear with us. We will endeavour to post it promptly."); } } /*****************************************************************************************************************************************/ /*************************Function called on the click of pagination link and get the updated data thorugh Ajax***************************/ function callpagination(url) { url = CreateAjaxURL(url); //getRequest(url,'disp_comments','Please wait... loading

'); $("#disp_comments").empty().html('

'); $.get(url, { }, function(data){ /*$("#disp_comments").empty().html(data);*/ document.getElementById("disp_comments").innerHTML = data; }); } function selectchange(url) { var e = document.getElementById("selecttype"); var selecttype = e.options[e.selectedIndex].value; if(selecttype=='0') {url=url;} else if(selecttype=='Likes') {url=url+'&selecttype=Likes';} else {url=url+'&selecttype=latest';} url = CreateAjaxURL(url); //getRequest(url,'main_call_page','Please wait... loading

'); $("#disp_comments").empty().html('

'); $.get(url, { }, function(data){ $("#disp_comments").empty().html(data); }); } function callcomajax(RID,objectid,commment_ID,extraparam) { document.getElementById('error_abuse_type_'+commment_ID).style.display='none'; document.getElementById('error_r_emailAddress_'+commment_ID).style.display='none'; url='/comments/comajax.cfm?RID='+RID+'&objectid='+objectid+'&comment_ID='+commment_ID+extraparam;//alert(url);return false; if(document.getElementById("emailAddress_subscribe_"+commment_ID).value!='') { url=url+'&emailAddress='+document.getElementById("emailAddress_subscribe_"+commment_ID).value; } if(extraparam=='&report_abuse=1') { if(document.getElementById("abuse_type_"+commment_ID).value=='') { //alert('Please Select Abuse Type'); document.getElementById('error_abuse_type_'+commment_ID).style.display='block'; /*$('#error_abuse_type_'+commment_ID).fadeOut(4000,function(){})*/ return false; } if(document.getElementById("r_emailAddress_"+commment_ID).value=='') { //alert("Please Enter Email Address"); document.getElementById('error_r_emailAddress_'+commment_ID).style.display='block'; /*$('#error_r_emailAddress_'+commment_ID).fadeOut(4000,function(){})*/ return false; } if(!isValidEmail(document.getElementById("r_emailAddress_"+commment_ID).value)) { //alert("Please Enter Valid Email Address"); document.getElementById('error_r_emailAddress_'+commment_ID).style.display='block'; document.getElementById('error_r_emailAddress_'+commment_ID).innerHTML='

Email address is invalid

'; /*$('#error_r_emailAddress_'+commment_ID).fadeOut(4000,function(){})*/ //return false; return false; } url=url+'&abuse_type='+document.getElementById("abuse_type_"+commment_ID).value+'&r_emailAddress='+document.getElementById("r_emailAddress_"+commment_ID).value; url = CreateAjaxURL(url); areaid='message_area_'+commment_ID;//alert(areaid) getRequest(url,areaid,''); document.getElementById("reportabuse_"+commment_ID).style.display='none'; document.getElementById(areaid).style.display="block"; /*$('#message_area_'+commment_ID).fadeOut(5000, function () { });*/ return true; } else { url = CreateAjaxURL(url); $.post(url,{commment_ID:commment_ID},function(data){ //alert("Data Loaded: " + data); areaid='message_area_'+commment_ID;//alert(areaid) array=data.split('~~'); logincheck=data.split('

" + array[0] + "

"; } else if(logincheck[0]=='Please Login First') { document.getElementById(areaid).innerHTML="

" + logincheck[0] + "

"; } else { document.getElementById(areaid).innerHTML="

Technical Failure. Please try again

"; } document.getElementById(areaid).style.display="block"; /*('#message_area_'+commment_ID).fadeOut(5000, function () { });*/ } // $('#message_area_'+commment_ID).hide("fade", {}, 3000); return false; }); } return true; } /*************************fucntion call the file to add the coment and display the updated code****************************************************/ function add_comment_submit(RID,objectid,blackwhiteliststatus,trusted,type,title,formtitle,showviewby,showlikesdislikes,displayfirst,form_header_image) { document.getElementById('error_f_summary').style.display='none'; document.getElementById('error_f_comment').style.display='none'; document.getElementById('notificationdiv_signup').style.display='none'; if(blackwhiteliststatus=='BlackListed') { //alert("Your status is marked as Blacklisted.So you can't post a comment"); document.getElementById('notificationdiv_signup').style.display='block'; document.getElementById('notificationdiv_signup').innerHTML="

Your status is marked as Blacklisted. So you can't post a comment

"; /*$('#notificationdiv_signup').fadeOut(4000,function(){})*/ document.getElementById('notificationdiv_signup').focus(); //document.getElementById('error_f_summary').style.display='block'; return false; } url='/comments/commentsection.cfm?ID='+RID+'&objectid='+objectid+'&ajaxx=2&task_comment=addcomment'+'&title='+title+'&showviewby='+showviewby+'&formtitle='+formtitle+'&type='+type+'&showlikesdislikes='+showlikesdislikes+'&form_header_image='+form_header_image+'&displayfirst='+displayfirst; if(trim(document.getElementById("f_summary").value)=='' ) { //alert("Please enter Summary"); document.getElementById('error_f_summary').style.display='block'; /*$('#error_f_summary').fadeOut(4000,function(){})*/ return false; } if(trim(document.getElementById("f_comment").value)=='' ) { //alert("Please enter Comment"); document.getElementById('error_f_comment').style.display='block'; /*$('#error_f_comment').fadeOut(4000,function(){})*/ return false; } // JN: removed addslashes var Summary=trim(document.getElementById("f_summary").value); var comments=trim(document.getElementById("f_comment").value); //var Summary=addslashes(trim(document.getElementById("f_summary").value)); //var comments=addslashes(trim(document.getElementById("f_comment").value)); var f_email=document.getElementById("f_email").value; if(document.getElementById("f_comment_subscription").checked){ var comment_subscription=1; } else { var comment_subscription=0; } if(document.getElementById("f_reply_subscription").checked) { var reply_subscription=1; } else { var reply_subscription=0; } // JN: changed htmlEncode to escape comments=escape(comments); Summary=escape(Summary); //Encoder.EncodeType = "entity"; //comments=Encoder.htmlEncode(comments); //Summary=Encoder.htmlEncode(Summary); var timestamp= new Date().getTime(); url=url+"&Summary="+Summary+"&comment_subscription="+comment_subscription+"&email="+f_email+"&reply_subscription="+reply_subscription+"&blackwhiteliststatus="+blackwhiteliststatus+'×tamp='+timestamp; $("#disp_comments").empty().html('

'); $.post(url, { comments : comments }, function(data){ $("#disp_comments").empty().html(data); }); if(trusted==1 || blackwhiteliststatus=='WhiteListed') { if (type != 'Endorsement') { updateNotification("notificationdiv", "Thank you for leaving your " + type + ". Unless you are a trusted poster, your " + type + " will be reviewed by a member of the editorial team before it appears on site. Please bear with us. We will endeavour to post it promptly."); } else { updateNotification("notificationdiv", "Thank you for leaving your " + type + "."); showSendDialog(); } } else { //alert("Thank you for your comment it will now be reviewed by the EHI editorial team. This may entail a short delay"); if (type != 'Endorsement') { updateNotification("notificationdiv", "Thank you for posting your " + type + " on EHI. Your " + type + " will now be reviewed by a member of the editorial team, this may take a little time."); }else { updateNotification("notificationdiv", "Thank you for posting your " + type + " on EHI."); showSendDialog(); } } } function open_reportabuse_div(comment_ID,id) { if(id=='S') { document.getElementById('reportabuse_'+comment_ID).style.display="none"; document.getElementById('response_'+comment_ID).style.display="none"; document.getElementById('subscribe_'+comment_ID).style.display="block"; } if(id=='A') { document.getElementById('subscribe_'+comment_ID).style.display="none"; document.getElementById('response_'+comment_ID).style.display="none"; //document.getElementById('reportabuse_'+comment_ID).style.display="block"; $('#reportabuse_'+comment_ID).fadeIn(1000, function () { }); } if(id=='R') { document.getElementById('reportabuse_'+comment_ID).style.display="none"; document.getElementById('subscribe_'+comment_ID).style.display="none"; //document.getElementById('response_'+comment_ID).style.display="block"; $('#response_'+comment_ID).fadeIn(1000, function () { }); document.getElementById('message_area_'+comment_ID).innerHTML=""; } } function addslashes(str) { str=str.replace(/\\/g,'\\\\'); str=str.replace(/\'/g,'\\\''); str=str.replace(/\"/g,'\\"'); str=str.replace(/\0/g,'\\0'); return str; } /*******************************hyper sharing code is defined here**************************************************************************/ function share(button,id,url) { var comment=document.getElementById('commm_'+id).value; // or to set it to encode to html entities e.g & instead of & Encoder.EncodeType = "entity"; // HTML encode text from an input element // This will prevent double encoding. comment = Encoder.htmlEncode(comment); //comment=comment.replace(")"," "); //comment=comment.replace("("," "); if(button=='F') { urls='http://'+url+'/comments/facebookshare.cfm?ID='+id; urls=escape(urls);//alert(urls);//return false; window.open("http://www.facebook.com/share.php?u="+urls+"","EHI","status=1"); return true; } if(button=='L') { urls='http://'+url+'/comments/facebookshare.cfm?ID='+id; urls=escape(urls); title=comment.replace(" ","+"); urls="http://www.linkedin.com/shareArticle?mini=true&url="+urls; //alert(urls);return false; window.open(urls,"EHI","status=1"); return true; } if(button=='T') { urls=window.location; urls=escape(urls); title=comment.replace(" ","+"); urls="http://twitter.com/home?status="+title+"%3a+"+urls; //alert(urls);return false; window.open(urls,"EHI","status=1"); return true; //http://twitter.com/home?status=This+is+a+comment%3a+http%3A%2F%2Fbeta.twiddeo.com%2F39f6 } } function ReplyBox(commentid) { if(document.getElementById("ReplyBox_"+commentid).style.display=="block"){ document.getElementById("ReplyBox_"+commentid).style.display="none"; document.getElementById("arrows_"+commentid).innerHTML="

Open

"; } else{ document.getElementById("ReplyBox_"+commentid ).style.display="block"; document.getElementById("arrows_"+commentid).innerHTML="

Close

"; } } function ReplyBox2(commentid) { if(document.getElementById("ReplyBox2_"+commentid).style.display=="block"){ document.getElementById("ReplyBox2_"+commentid).style.display="none"; document.getElementById("arrows_"+commentid).innerHTML="

Open

"; } else{ document.getElementById("ReplyBox2_"+commentid ).style.display="block"; document.getElementById("arrows_"+commentid).innerHTML="

Close

"; } } function Report() { if(document.getElementById("Report").style.display=="block"){ document.getElementById("Report").style.display="none"; } else{ document.getElementById("Report").style.display="block"; } } function cancelcomment(id) { //if(document.getElementById(id).style.display=="block"){ //document.getElementById(id).style.display="none"; $('#'+id).fadeOut(1000, function () { }); //} //else{ // document.getElementById(id).style.display="block"; //} } function showdetail(id) { document.getElementById("detail_"+id).style.display="block"; if(isIE7){ document.getElementById("reply_box_"+id).style.visibility="hidden"; } } function hidedetail(id) { document.getElementById("detail_"+id).style.display="none"; if(isIE7){ document.getElementById("reply_box_"+id).style.visibility="visible"; } } /*************************validates email**********************************************************************************/ function isValidEmail(el) { var str=el; var testresults; var filter=/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/; if (filter.test(str)) testresults=true; else testresults=false; return (testresults); } Encoder = { // When encoding do we convert characters into html or numerical entities EncodeType : "entity", // entity OR numerical isEmpty : function(val){ if(val){ return ((val===null) || val.length==0 || /^\s+$/.test(val)); }else{ return true; } }, // Convert HTML entities into numerical entities *********************************************************************************/ HTML2Numerical : function(s){ var arr1 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','à','á','â','ã','Ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','Ö','×','ø','ù','ú','û','Ü','ý','þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','Ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','œ','œ','š','š','ÿ','ˆ','˜',' ',' ',' ','‌','‍','‎','‏','–','—','‘','’','‚','“','”','„','†','†','‰','‹','›','€','ƒ','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','σ','τ','υ','φ','χ','ψ','ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','′','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','←','↑','→','↓','↔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','⟨','⟩','◊','♠','♣','♥','♦'); var arr2 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','À','Á','Â','Ã','Ä','Å','Æ','Ç','È','É','Ê','Ë','Ì','Í','Î','Ï','Ð','Ñ','Ò','Ó','Ô','Õ','Ö','×','Ø','Ù','Ú','Û','Ü','Ý','Þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','Œ','œ','Š','š','Ÿ','ˆ','˜',' ',' ',' ','‌','‍','‎','‏','–','—','‘','’','‚','“','”','„','†','‡','‰','‹','›','€','ƒ','Α','Β','Γ','Δ','Ε','Ζ','Η','Θ','Ι','Κ','Λ','Μ','Ν','Ξ','Ο','Π','Ρ','Σ','Τ','Υ','Φ','Χ','Ψ','Ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','″','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','⇐','⇑','⇒','⇓','⇔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','〈','〉','◊','♠','♣','♥','♦'); return this.swapArrayVals(s,arr1,arr2); }, // Convert Numerical entities into HTML entities NumericalToHTML : function(s){ var arr1 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','À','Á','Â','Ã','Ä','Å','Æ','Ç','È','É','Ê','Ë','Ì','Í','Î','Ï','Ð','Ñ','Ò','Ó','Ô','Õ','Ö','×','Ø','Ù','Ú','Û','Ü','Ý','Þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','Œ','œ','Š','š','Ÿ','ˆ','˜',' ',' ',' ','‌','‍','‎','‏','–','—','‘','’','‚','“','”','„','†','‡','‰','‹','›','€','ƒ','Α','Β','Γ','Δ','Ε','Ζ','Η','Θ','Ι','Κ','Λ','Μ','Ν','Ξ','Ο','Π','Ρ','Σ','Τ','Υ','Φ','Χ','Ψ','Ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','″','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','⇐','⇑','⇒','⇓','⇔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','〈','〉','◊','♠','♣','♥','♦'); var arr2 = new Array(' ','¡','¢','£','¤','¥','¦','§','¨','©','ª','«','¬','','®','¯','°','±','²','³','´','µ','¶','·','¸','¹','º','»','¼','½','¾','¿','à','á','â','ã','Ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','Ö','×','ø','ù','ú','û','Ü','ý','þ','ß','à','á','â','ã','ä','å','æ','ç','è','é','ê','ë','ì','í','î','ï','ð','ñ','ò','ó','ô','õ','ö','÷','Ø','ù','ú','û','ü','ý','þ','ÿ','"','&','<','>','œ','œ','š','š','ÿ','ˆ','˜',' ',' ',' ','‌','‍','‎','‏','–','—','‘','’','‚','“','”','„','†','†','‰','‹','›','€','ƒ','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','σ','τ','υ','φ','χ','ψ','ω','α','β','γ','δ','ε','ζ','η','θ','ι','κ','λ','μ','ν','ξ','ο','π','ρ','ς','σ','τ','υ','φ','χ','ψ','ω','ϑ','ϒ','ϖ','•','…','′','′','‾','⁄','℘','ℑ','ℜ','™','ℵ','←','↑','→','↓','↔','↵','←','↑','→','↓','↔','∀','∂','∃','∅','∇','∈','∉','∋','∏','∑','−','∗','√','∝','∞','∠','∧','∨','∩','∪','∫','∴','∼','≅','≈','≠','≡','≤','≥','⊂','⊃','⊄','⊆','⊇','⊕','⊗','⊥','⋅','⌈','⌉','⌊','⌋','⟨','⟩','◊','♠','♣','♥','♦'); return this.swapArrayVals(s,arr1,arr2); }, // Numerically encodes all unicode characters numEncode : function(s){ if(this.isEmpty(s)) return ""; var e = ""; for (var i = 0; i < s.length; i++) { var c = s.charAt(i); if (c < " " || c > "~") { c = "&#" + c.charCodeAt() + ";"; } e += c; } return e; }, // HTML Decode numerical and HTML entities back to original values htmlDecode : function(s){ var c,m,d = s; if(this.isEmpty(d)) return ""; // convert HTML entites back to numerical entites first d = this.HTML2Numerical(d); // look for numerical entities " arr=d.match(/&#[0-9]{1,5};/g); // if no matches found in string then skip if(arr!=null){ for(var x=0;x= -32768 && c <= 65535){ // decode every single match within string d = d.replace(m, String.fromCharCode(c)); }else{ d = d.replace(m, ""); //invalid so replace with nada } } } return d; }, // encode an input string into either numerical or HTML entities htmlEncode : function(s,dbl){ if(this.isEmpty(s)) return ""; // do we allow double encoding? E.g will & be turned into & dbl = dbl | false; //default to prevent double encoding // if allowing double encoding we do ampersands first if(dbl){ if(this.EncodeType=="numerical"){ s = s.replace(/&/g, "&"); }else{ s = s.replace(/&/g, "&"); } } // convert the xss chars to numerical entities ' " < > s = this.XSSEncode(s,false); if(this.EncodeType=="numerical" || !dbl){ // Now call function that will convert any HTML entities to numerical codes s = this.HTML2Numerical(s); } // Now encode all chars above 127 e.g unicode s = this.numEncode(s); // now we know anything that needs to be encoded has been converted to numerical entities we // can encode any ampersands & that are not part of encoded entities // to handle the fact that I need to do a negative check and handle multiple ampersands &&& // I am going to use a placeholder // if we don't want double encoded entities we ignore the & in existing entities if(!dbl){ s = s.replace(/&#/g,"##AMPHASH##"); if(this.EncodeType=="numerical"){ s = s.replace(/&/g, "&"); }else{ s = s.replace(/&/g, "&"); } s = s.replace(/##AMPHASH##/g,"&#"); } // replace any malformed entities s = s.replace(/&#\d*([^\d;]|$)/g, "$1"); if(!dbl){ // safety check to correct any double encoded & s = this.correctEncoding(s); } // now do we need to convert our numerical encoded string into entities if(this.EncodeType=="entity"){ s = this.NumericalToHTML(s); } return s; }, // Encodes the basic 4 characters used to malform HTML in XSS hacks XSSEncode : function(s,en){ if(!this.isEmpty(s)){ en = en || true; // do we convert to numerical or html entity? if(en){ s = s.replace(/\'/g,"'"); //no HTML equivalent as &apos is not cross browser supported s = s.replace(/\"/g,"""); s = s.replace(//g,">"); }else{ s = s.replace(/\'/g,"'"); //no HTML equivalent as &apos is not cross browser supported s = s.replace(/\"/g,"""); s = s.replace(//g,">"); } return s; }else{ return ""; } }, // returns true if a string contains html or numerical encoded entities hasEncoded : function(s){ if(/&#[0-9]{1,5};/g.test(s)){ return true; }else if(/&[A-Z]{2,6};/gi.test(s)){ return true; }else{ return false; } }, // will remove any unicode characters stripUnicode : function(s){ return s.replace(/[^\x20-\x7E]/g,""); }, // corrects any double encoded & entities e.g & correctEncoding : function(s){ return s.replace(/(&)(amp;)+/,"$1"); }, // Function to loop through an array swaping each item with the value from another array e.g swap HTML entities with Numericals swapArrayVals : function(s,arr1,arr2){ if(this.isEmpty(s)) return ""; var re; if(arr1 && arr2){ //ShowDebug("in swapArrayVals arr1.length = " + arr1.length + " arr2.length = " + arr2.length) // array lengths must match if(arr1.length == arr2.length){ for(var x=0,i=arr1.length;x