[Improvements to the onchange handlers for the edit plank, working gp_escapeJs tom@wwworldmedia.com**20051107185232] {
hunk ./GangplankBase.php 382
- return gp_die("setColumnProperties(): unknown column '$name'");
+ return gp_die("setColumnProperties($name): unknown column '$name'");
+
+ if (! is_array($properties))
+ return gp_die("setColumnProperties($name): properties must be an array such as array('prop' => 'value', 'prop2' => 'value2')");
hunk ./GangplankBase.php 392
- "on_keydown" => "on_key_down"
+ "on_keydown" => "on_key_down",
+ "onkeyup" => "on_key_up",
+ "on_keyup" => "on_key_up"
hunk ./GangplankBase.php 398
+ if (is_numeric($k))
+ return gp_die("setColumnProperties($name): invalid property name '$k'");
hunk ./GangplankEdit.php 132
+
+ function setOnHandler($col_name, $event_type, $javascript) {
+ if (substr($event_type, 0, 2) != "on")
+ $event_type = "on" . $event_type;
+ $this->setColumnProperties($col_name, array($event_type => $javascript));
+ }
hunk ./GangplankEdit.php 437
-
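Review bot: The `on` prefix test in `setOnHandler` (GangplankEdit.php 132 hunk) is case-sensitive, so an event type written as `Change` becomes `onChange` and `OnChange` becomes `onOnChange`, while the property map extended in the GangplankBase.php 392 hunk keys on lowercase names such as `onkeyup`; unless setColumnProperties lowercases keys itself (not visible here), normalize before the check with `$event_type = strtolower($event_type);` and compare with `!==` rather than `!=` to make the string comparison explicit. The `$javascript` argument is passed through unchanged and is presumably stored for emission as the attribute value, so the method deserves a one-line comment such as `// $javascript is complete handler code and is not escaped here; callers must escape any data they embed in it` so that the contract is clear at the call sites.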

+

hunk ./GangplankMisc.php 142
- // Escape $js for use in a double quoted JavaScript
- // expression.
+ // Escape JavaScript code $js for use in an XHTML attribute such as
+ //
hunk ./GangplankMisc.php 145
- $js = str_replace("\\", "\\\\", $js);
- $js = str_replace("\r", "\\r", $js);
- $js = str_replace("\n", "\\n", $js);
- $js = str_replace('"', '\\"', $js);
- return str_replace("'", "\\'", $js);
+ return htmlspecialchars($js);
}
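Review bot: After the GangplankMisc.php 145 hunk, `gp_escapeJs` performs only HTML-attribute escaping and no longer escapes for the JavaScript string context that its name and the old comment describe, so a value placed inside a quoted JS string literal within the handler can still terminate that literal: `htmlspecialchars` turns `"` into `&quot;`, but the HTML parser decodes it back before the script runs, and with the default flags `'` is not touched at all, which matters if any attribute is single-quoted. The two escapings are layers, not alternatives: backslash escaping is needed first for anything inside a JS string literal, attribute escaping second for the whole handler, so keep the removed `str_replace` chain and change its last line to `return htmlspecialchars($js, ENT_QUOTES);`, or, if the function is now meant only for complete handler code, rename or document it so callers do not pass string values through it. The new comment in the 142 hunk appears to end after `such as` with an empty `//` line; the example attribute may have been lost in extraction, but as it stands the comment is incomplete and should show the intended usage.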