Priority: Low
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: JQueryPlugin
Branches: trunk
Michael -
GeorgeClark wanted me to ask you if this patch should this go into 1.1.5?
--
KipLubliner - 26 Mar 2012
George, Kip, what exactly is the motivation for that?
What about the other events on DOM elements?
Should they all be treated that way? Certainly not.
That's not the right way to attach a click event to a link.
Basically all
on...
attributes should be omitted for security reasons. They will be stripped off by
SafeWikiPlugin anyway.
Please go with the following pattern:
<a href="#" id="mylink">click me</a>
...
jQuery(function() {
$("#mylink").live("click", function() {
...
});
});
See
http://jqapi.com/#p=live for more info on
live()
--
MichaelDaum - 26 Mar 2012
Michael,
Please don't blame George for anything - he just suggested that I ask you about this patch. This dates back to January, when I wrote
SqlGridPlugin. I added new buttons to the grid, and I found that the jqUIButtons didn't support the onclick event. This patch is my solution, but I abandoned that approach and used $().dialog directly for more control.
So this is a fix that I don't need anymore, and that encourages unsafe practices. I admit that I am still very new to Javascript, and I haven't used
SafeWikiPlugin. I am reverting the change as it seems that you have reservations about it.
--
KipLubliner - 27 Mar 2012