escape single quote in javascript string nella lista crea ordine

[lysz210]

Nella traduzione in italiano della tabella degli ordini e' presente un'apostrofo sul titolo  che non viene gestito correttamente durante la generazione della stringa in modo dinamico.

					$.each(res.orders, function() {
						html_orders += '<tr>';
						html_orders += '<td>'+this.id_order+'</td><td>'+this.date_add+'</td><td>'+(this.nb_products ? this.nb_products : '0')+'</td><td>'+this.total_paid_real+'</span></td><td>'+this.payment+'</td><td>'+this.order_state+'</td>';
						html_orders += '<td class="text-right">';
						html_orders += '<a href="http://www.seemarket.it/adminSeeMarket1/index.php?controller=AdminOrders&token=044f6bcb4c945b2f05dba4752e40764e&id_order='+this.id_order+'&vieworder&liteDisplaying=1#" title="Vedi quest'ordine" class="fancybox btn btn-default"><i class="icon-search"></i>&nbsp;Dettagli</a>';
						html_orders += '&nbsp;<a href="#" "title="Duplica quest'ordine" class="duplicate_order btn btn-default" rel="'+this.id_order+'"><i class="icon-arrow-right"></i>&nbsp;Usa</a>';
						html_orders += '</td>';
						html_orders += '</tr>';
					});

Questo causa l'interruzione prematura della stringa e conseguente errore su tutto il resto del codice rendendo inutilizzabile la parte della creazione di un nuovo ordine.

Edited March 23, 2018 by lysz210 (see edit history)

[lysz210]

problem solved.

Compile javascript is really a bad abitude, most of time there are better choices.

Writing dynamic js sould be done avoiding mixed js and html compilation, I don't know the prestashop architecture so, all a could do was escaping strings with proper escapes in the <admin folder>/thems/<theme>/template/controllers/orders/form.tpl.

// add modifier escape:'html' for all HtmlElement attributes.
// use the modifier right after the function name or it doesn't work
// probable I tried at the end and it don't translate at all
{l|escape:'html' s='some string' m='module'}

// this don't work {l s='some string' m='module'|escape:'html'}

// add modifier escape:'quotes' for all HtmlElement content
// better tu use only quotes escape because the element content
// can be html as well, so escape quotes is a better choise
// if you want avoid html inject so you should use escape:'html'
{l|escape:'html' s='some string' m='module'}

 

Edited March 23, 2018 by lysz210 (see edit history)

[buluoluo]

On 2017/10/27 at 10:28 AM, lysz210 said:

problem solved.

Compile javascript is really a bad abitude, most of time there can be better choice.

Writing dinamic js sould be done avoiding mixed js and html compilation, I don't know the prestashop architecture so all a could done was escaping strings with proper escapes in the <admin folder>/thems/<theme>/template/controllers/orders/form.tpl.

// add modifier escape:'html' for all HtmlElement attributes.
// use the modifier right after the function name or it doesn't work
// probable I tried at the end and it don't translate at all
{l|escape:'html' s='some string' m='module'}

// this don't work {l s='some string' m='module'|escape:'html'}

// add modifier escape:'quotes' for all HtmlElement content
// better tu use only quotes escape because the element content
// can be html as well, so escape quotes is a better choise
// if you want avoid html inject so you should use escape:'html'
{l|escape:'html' s='some string' m='module'}

 

Thank you very much.

I got error when I want to create a order from BO in Italian language.

It was resolved with your solution.