this solves #3

replace special characters in strings with html entities

this solves #3

First of all: I like this library. It is very clean and simple code.

But thats a major bug and preventing me from using it. A string can basically include html and this must not affect the editor.

Example code:

<json-editor id="editor"></json-editor>
<script>
  document.addEventListener('DOMContentLoaded', () => {
    document.getElementById('editor').value = '"John: Hello World!<br>Jane: Hello John!"';
  });
</script>

This will render an invalid json that then does not get updated until fixed:

"John: Hello World!
Jane: Hello John!"

Also: opening a html tag without closing it will cause a strange redraw and data after the "<" will get lost.

To overcome all of these issues it will be enough to escape the string. (That might also be necessary in keys):

format_string(input) {
  input = input.replace(/&/g, "&")
                    .replace(/</g, "&lt;")
                    .replace(/>/g, "&gt;")
                    .replace(/"/g, "&quot;")
                    .replace(/'/g, "&#039;");
  return `<span part="string"><span part="string_quotes">\"</span>${input}<span part="string_quotes">\"</span></span>`;
}

sorry, double post...

First of all: I like this library. It is very clean and simple code.

But thats a major bug and preventing me from using it. A string can basically include html and this must not affect the editor.

Example code:

<json-editor id="editor"></json-editor>
<script>
  document.addEventListener('DOMContentLoaded', () => {
    document.getElementById('editor').value = '"John: Hello World!<br>Jane: Hello John!"';
  });
</script>

This will render an invalid json that then does not get updated until fixed:

"John: Hello World!
Jane: Hello John!"

Also: opening a html tag without closing it will cause a strange redraw and data after the "<" will get lost.

To overcome all of these issues it will be enough to escape the string. (That might also be necessary in keys):

format_string(input) {
  input = input.replace(/&/g, "&")
                    .replace(/</g, "&lt;")
                    .replace(/>/g, "&gt;")
                    .replace(/"/g, "&quot;")
                    .replace(/'/g, "&#039;");
  return `<span part="string"><span part="string_quotes">\"</span>${input}<span part="string_quotes">\"</span></span>`;
}

WTF? github showed me an error page as if it was not submitted

First of all: I like this library. It is very clean and simple code.

But thats a major bug and preventing me from using it. A string can basically include html and this must not affect the editor.

Example code:

<json-editor id="editor"></json-editor>
<script>
  document.addEventListener('DOMContentLoaded', () => {
    document.getElementById('editor').value = '"John: Hello World!<br>Jane: Hello John!"';
  });
</script>

This will render an invalid json that then does not get updated until fixed:

"John: Hello World!
Jane: Hello John!"

Also: opening a html tag without closing it will cause a strange redraw and data after the "<" will get lost.

To overcome all of these issues it will be enough to escape the string. (That might also be necessary in keys):

format_string(input) {
  input = input.replace(/&/g, "&")
                    .replace(/</g, "&lt;")
                    .replace(/>/g, "&gt;")
                    .replace(/"/g, "&quot;")
                    .replace(/'/g, "&#039;");
  return `<span part="string"><span part="string_quotes">\"</span>${input}<span part="string_quotes">\"</span></span>`;
}

Bump json5 from 1.0.1 to 1.0.2

Bumps json5 from 1.0.1 to 1.0.2.

• Release notes
• Changelog
• Commits

updated-dependencies:

• dependency-name: json5 dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #104 from tflori/dependabot/npm_and_yarn/json5-1.0.2

Bump json5 from 1.0.1 to 1.0.2

Bumps json5 from 1.0.1 to 1.0.2.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bump ua-parser-js from 0.7.31 to 0.7.33

Bumps ua-parser-js from 0.7.31 to 0.7.33.

• Release notes
• Changelog
• Commits

updated-dependencies:

• dependency-name: ua-parser-js dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #105 from tflori/dependabot/npm_and_yarn/ua-parser-js-0.7.33

Bump ua-parser-js from 0.7.31 to 0.7.33

Bumps ua-parser-js from 0.7.31 to 0.7.33.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Only now I found out that this jquery extension is not a real combo box but a non-editable combo box. Maybe it is just me but a combo box for me means that you can decide to enter something new: https://en.wikipedia.org/wiki/Combo_box

First I thought clearIfNoMatch: false would make it that way. At least it looks like it. But the $target value does never get updated with the entered text and gets set to empty string even when clearIfNoMatch is false.

My proposal is to update the $target value with every keup event and don't clear it as well. Here is a diff how I use it:

Index: bootstrap-combobox.js
===================================================================
diff --git a/bootstrap-combobox.js b/bootstrap-combobox.js
--- a/bootstrap-combobox.js
+++ b/bootstrap-combobox.js
@@ -403,6 +403,9 @@
                 default:
                     this.clearTarget();
                     this.lookup();
+                    if (!this.selected && !this.clearIfNoMatch) {
+                        this.$target.val(this.$element.val());
+                    }
             }
 
             e.stopPropagation();
@@ -418,10 +421,11 @@
             this.focused = false;
             var val = this.$element.val();
             if (!this.selected && val !== '' ) {
-                if(that.clearIfNoMatch)
+                if (this.clearIfNoMatch) {
                     this.$element.val('');
-                this.$source.val('').trigger('change');
-                this.$target.val('').trigger('change');
+                    this.$target.val('').trigger('change');
+                }
+                this.$source.val('').trigger('change');
             }
             if (!this.mousedover && this.shown) {setTimeout(function () { that.hide(); }, 200);}
         }

Sorry, to digging this out but it is still one of the first links when searching for optional parameters in mockery...

I don't even remember how I solved that in the other library. But I stumbled again over this issue. Thanks to the AndAnyOtherArgs matcher I have a workaround now but I don't think that this is a viable solution.

My workaround at the moment is an Optional matcher:

use Mockery\Matcher\AndAnyOtherArgs;

class Optional extends AndAnyOtherArgs
{

    public function match(&$actual)
    {
        return is_null($actual) || $this->_expected->match($actual);
    }

    public function __toString()
    {
        return '[' . $this->_expected . ']';
    }
}

That is not really correct but as long as the tests are green :grin:

IMO argument matching should be different:

    public function matchArgs(array $args)
    {
        if ($this->isArgumentListMatcher()) {
            return $this->_matchArg($this->_expectedArgs[0], $args);
        }
        foreach ($this->_expectedArgs as $i => $expected) {
            if (!array_key_exists($i, $args)) {
                // as all further parameters have to be optional too we can return true if the first matcher where we
                // don't get an argument is an optional matcher
                return $expected instanceof OptionalArg;
            }
            if (!$this->_matchArg($expected, $args[$i])) {
                return false;
            }
        }
        
        // if we have more args the last matcher has to be multiple argument and every other argument has to match
        if (count($args) > count((array) $this->_expectedArgs)) {
            $expected = end($this->_expectedArgs);
            reset($this->_expectedArgs);
            if (!$expected || !$expected instanceof MultiArg) {
                return false;
            }

            foreach (slice($args, $i+1) as $arg) {
                if ($this->_matchArg($expected, $arg)) {
                    return false;
                }
            }
        }
        return true;
    }

With these new matchers:

class OptionalArg extends MatcherAbstract
{
    public function match(&$actual)
    {
        return is_null($actual) || $this->_expected->match($actual);
    }

    public function __toString()
    {
        return '[' . $this->_expected . ']';
    }
}

class MultiArg extends OptionalArg
{
    public function match(&$actual)
    {
        return $this->_expected->match($actual);
    }

    public function __toString()
    {
        return '[...' . $this->_expected . ']';
    }
}