From 16d9cb557a37bc74045549b189499104db2ea2ce Mon Sep 17 00:00:00 2001
From: Peter Schojer <peter.schojer@appinf.com>
Date: Thu, 18 Sep 2008 11:43:26 +0000
Subject: [PATCH] escaping values of select event

---
 WebWidgets/ExtJS/src/ComboBoxCellRenderer.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/WebWidgets/ExtJS/src/ComboBoxCellRenderer.cpp b/WebWidgets/ExtJS/src/ComboBoxCellRenderer.cpp
index fd034a9ea..e82a490a9 100644
--- a/WebWidgets/ExtJS/src/ComboBoxCellRenderer.cpp
+++ b/WebWidgets/ExtJS/src/ComboBoxCellRenderer.cpp
@@ -72,7 +72,7 @@ JSDelegate ComboBoxCellRenderer::createSelectedServerCallback(const ComboBox* pC
 	//select : ( Ext.form.ComboBox combo, Ext.data.Record record, Number index )
 	static const std::string signature("function(combo,rec,idx)");
 	std::map<std::string, std::string> addParams;
-	addParams.insert(std::make_pair(ComboBoxCell::FIELD_VAL, "+rec.get('d')"));
+	addParams.insert(std::make_pair(ComboBoxCell::FIELD_VAL, "+escape(rec.get('d'))"));
 	addParams.insert(std::make_pair(RequestHandler::KEY_EVID, ComboBoxCell::EV_SELECTED));
 	return Utility::createServerCallback(signature, addParams, pCombo->id(), pCombo->selected.getOnSuccess(), pCombo->selected.getOnFailure());
 }
@@ -84,7 +84,7 @@ Poco::WebWidgets::JSDelegate ComboBoxCellRenderer::createBeforeSelectServerCallb
 	// return false to forbid it
 	static const std::string signature("function(combo,rec,idx)");
 	std::map<std::string, std::string> addParams;
-	addParams.insert(std::make_pair(ComboBoxCell::FIELD_VAL, "+rec.get('d')"));
+	addParams.insert(std::make_pair(ComboBoxCell::FIELD_VAL, "+escape(rec.get('d'))"));
 	addParams.insert(std::make_pair(RequestHandler::KEY_EVID, ComboBoxCell::EV_BEFORESELECT));
 	return Utility::createServerCallback(signature, addParams, pCombo->id(), pCombo->beforeSelect.getOnSuccess(), pCombo->beforeSelect.getOnFailure());
 }