From b1603f4fd3539694ed6750261a964fb7d407a7da Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Mon, 26 May 2014 13:05:40 +0000
Subject: [PATCH] support <br/> and a single <a href="...">Text</a> (no further
 attributes!) in egw.message()

---
 phpgwapi/js/jsapi/egw_message.js | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/phpgwapi/js/jsapi/egw_message.js b/phpgwapi/js/jsapi/egw_message.js
index 097494ec6f..a3be7fabd7 100644
--- a/phpgwapi/js/jsapi/egw_message.js
+++ b/phpgwapi/js/jsapi/egw_message.js
@@ -28,6 +28,7 @@ egw.extend('message', egw.MODULE_WND_LOCAL, function(_app, _wnd)
 	var message_timer;
 	var error_reg_exp;
 	var on_click_remove_installed = false;
+	var a_href_reg = /<a href="([^"]+)">([^<]+)<\/a>/img;
 
 	// Register an 'error' plugin, displaying using the message system
 	this.registerJSONPlugin(function(type, res, req) {
@@ -39,6 +40,17 @@ egw.extend('message', egw.MODULE_WND_LOCAL, function(_app, _wnd)
 		throw 'Invalid parameters';
 	}, null, 'error');
 
+	/**
+	 * Decode html entities so they can be added via .text(_str), eg. html_entity_decode('&amp;') === '&'
+	 *
+	 * @param {string} _str
+	 * @returns {string}
+	 */
+	function html_entity_decode(_str)
+	{
+		return _str && _str.indexOf('&') != -1 ? jQuery('<span>'+_str+'</span>').text() : _str;
+	}
+
 	return {
 		/**
 		 * Display an error or regular message
@@ -95,12 +107,27 @@ egw.extend('message', egw.MODULE_WND_LOCAL, function(_app, _wnd)
 					});
 					on_click_remove_installed = true;
 				}
-				parent.prepend(jQuery(_wnd.document.createElement('div'))
+				// replace br-tags with newlines
+				_msg = _msg.replace(/<br\s?\/?>\n?/i, "\n");
+
+				var msg_div = jQuery(_wnd.document.createElement('div'))
 					.attr('id','egw_message')
 					.text(_msg)
 					.addClass(_type+'_message')
-					.css('position', 'absolute'));
+					.css('position', 'absolute');
+				parent.prepend(msg_div);
 
+				// replace simple a href (NO other attribute, to gard agains XSS!)
+				var matches = a_href_reg.exec(_msg);
+				if (matches)
+				{
+					var parts = _msg.split(matches[0]);
+					msg_div.text(parts[0]);
+					msg_div.append(jQuery(_wnd.document.createElement('a'))
+						.attr('href', html_entity_decode(matches[1]))
+						.text(matches[2]));
+					msg_div.append(jQuery(_wnd.document.createElement('span')).text(parts[1]));
+				}
 				if (_type == 'success')	// clear message again after some time, if no error
 				{
 					message_timer = _wnd.setTimeout(function() {