X-Git-Url: https://adrianiainlam.tk/git/?a=blobdiff_plain;f=plugins%2Flegend.js;h=2ff939879e74a2c55aa064faddad4c8b703f49b5;hb=ebf77a9fa6953523975f7ee608a05e1c66c43e47;hp=5b4a867590cf85752defc827fc5d56568d444a96;hpb=42a9ebb8f492d2541a3904894447a7c74ba4cfd5;p=dygraphs.git

diff --git a/plugins/legend.js b/plugins/legend.js
index 5b4a867..2ff9398 100644
--- a/plugins/legend.js
+++ b/plugins/legend.js
@@ -3,6 +3,7 @@
  * Copyright 2012 Dan Vanderkam (danvdk@gmail.com)
  * MIT-licensed (http://opensource.org/licenses/MIT)
  */
+/*global Dygraph:false */
 
 Dygraph.Plugins.Legend = (function() {
 /*
@@ -87,7 +88,7 @@ legend.prototype.activate = function(g) {
       try {
         div.style[name] = messagestyle[name];
       } catch (e) {
-        this.warn("You are using unsupported css properties for your " +
+        Dygraph.warn("You are using unsupported css properties for your " +
             "browser in labelsDivStyles");
       }
     }
@@ -119,6 +120,10 @@ var calculateEmWidthInDiv = function(div) {
   return oneEmWidth;
 };
 
+var escapeHTML = function(str) {
+  return str.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+};
+
 legend.prototype.select = function(e) {
   var xValue = e.selectedX;
   var points = e.selectedPoints;
@@ -182,14 +187,14 @@ legend.prototype.destroy = function() {
  * relevant when displaying a legend with no selection (i.e. {legend:
  * 'always'}) and with dashed lines.
  */
-var generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
+generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
   // TODO(danvk): deprecate this option in place of {legend: 'never'}
   if (g.getOption('showLabelsOnHighlight') !== true) return '';
 
   // If no points are selected, we display a default legend. Traditionally,
   // this has been blank. But a better default would be a conventional legend,
   // which provides essential information for a non-interactive chart.
-  var html, sepLines, i, c, dash, strokePattern;
+  var html, sepLines, i, dash, strokePattern;
   var labels = g.getLabels();
 
   if (typeof(x) === 'undefined') {
@@ -207,7 +212,7 @@ var generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
       strokePattern = g.getOption("strokePattern", labels[i]);
       dash = generateLegendDashHTML(strokePattern, series.color, oneEmWidth);
       html += "<span style='font-weight: bold; color: " + series.color + ";'>" +
-          dash + " " + labels[i] + "</span>";
+          dash + " " + escapeHTML(labels[i]) + "</span>";
     }
     return html;
   }
@@ -244,7 +249,7 @@ var generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
 
     // TODO(danvk): use a template string here and make it an attribute.
     html += "<span" + cls + ">" + " <b><span style='color: " + series.color + ";'>" +
-        pt.name + "</span></b>:" + yval + "</span>";
+        escapeHTML(pt.name) + "</span></b>:&nbsp;" + yval + "</span>";
   }
   return html;
 };
@@ -261,7 +266,7 @@ var generateLegendHTML = function(g, x, sel_points, oneEmWidth) {
  * @param oneEmWidth The width in pixels of 1em in the legend.
  * @private
  */
-var generateLegendDashHTML = function(strokePattern, color, oneEmWidth) {
+generateLegendDashHTML = function(strokePattern, color, oneEmWidth) {
   // IE 7,8 fail at these divs, so they get boring legend, have not tested 9.
   var isIE = (/MSIE/.test(navigator.userAgent) && !window.opera);
   if (isIE) return "&mdash;";