X-Git-Url: https://adrianiainlam.tk/git/?a=blobdiff_plain;ds=sidebyside;f=plugins%2Flegend.js;h=2ff939879e74a2c55aa064faddad4c8b703f49b5;hb=f0fa05e0157961128892a50fe022d94fa682e89c;hp=79f758d6eb6464833cf5b7d858a46bfe57fb4bbb;hpb=d33d1c0b44a06d5159a94838e4e24c745d7c6409;p=dygraphs.git
diff --git a/plugins/legend.js b/plugins/legend.js
index 79f758d..2ff9398 100644
--- a/plugins/legend.js
+++ b/plugins/legend.js
@@ -3,6 +3,7 @@
* Copyright 2012 Dan Vanderkam (danvdk@gmail.com)
* MIT-licensed (http://opensource.org/licenses/MIT)
*/
+/*global Dygraph:false */
Dygraph.Plugins.Legend = (function() {
/*
@@ -87,7 +88,7 @@ legend.prototype.activate = function(g) {
try {
div.style[name] = messagestyle[name];
} catch (e) {
- this.warn("You are using unsupported css properties for your " +
+ Dygraph.warn("You are using unsupported css properties for your " +
"browser in labelsDivStyles");
}
}
@@ -119,6 +120,10 @@ var calculateEmWidthInDiv = function(div) {
return oneEmWidth;
};
+var escapeHTML = function(str) {
+ return str.replace(/&/g, "&").replace(/"/g, """).replace(//g, ">");
+};
+
legend.prototype.select = function(e) {
var xValue = e.selectedX;
var points = e.selectedPoints;
@@ -189,7 +194,7 @@ generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
// If no points are selected, we display a default legend. Traditionally,
// this has been blank. But a better default would be a conventional legend,
// which provides essential information for a non-interactive chart.
- var html, sepLines, i, c, dash, strokePattern;
+ var html, sepLines, i, dash, strokePattern;
var labels = g.getLabels();
if (typeof(x) === 'undefined') {
@@ -207,7 +212,7 @@ generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
strokePattern = g.getOption("strokePattern", labels[i]);
dash = generateLegendDashHTML(strokePattern, series.color, oneEmWidth);
html += "" +
- dash + " " + labels[i] + "";
+ dash + " " + escapeHTML(labels[i]) + "";
}
return html;
}
@@ -244,7 +249,7 @@ generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
// TODO(danvk): use a template string here and make it an attribute.
html += "" + " " +
- pt.name + ":" + yval + "";
+ escapeHTML(pt.name) + ": " + yval + "";
}
return html;
};