/* ------------------------------------------------------------
 * PROJECT        : FHSC Interface Standard
 * FILENAME       : jqxss.js
 * ------------------------------------------------------------
 * DATE CREATED   : 17 Apr 2008
 * LAST UPDATED   : 18 Apr 2008
 * ------------------------------------------------------------
 * AUTHOR(S)      : Kevin Scholl (http://www.ksscholl.com/)
 * ------------------------------------------------------------ */

/* ------------------------------------------------------------
 * NO CROSS SITE SCRIPTING
 * ------------------------------------------------------------ */

// Clear everything a previous jqNoXSS run left behind: drop the form-level
// (.errXSS1) and per-field (.errXSS2) messages, restore the default border on
// every checked field and take the error marker off the enclosing <li>.
function xssReset() {
	$(".errXSS1, .errXSS2").remove();
	var checkedFields = $(":text.checkXSS, :password.checkXSS, textarea.checkXSS");
	checkedFields.css("borderColor", "#7F9DB9");
	checkedFields.parents("li").removeClass("errorRow");
}

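// Client-side allowlist check for form fields, run on submit.
// Every :text, :password and textarea element carrying class "checkXSS" inside
// the form is trimmed and tested against an allowlist built from the settings.
// A field containing any character outside the allowlist gets a red border, an
// inline message, and blocks the submit; a form-level message is appended to
// #vMessages when that element exists, otherwise an alert() is shown.
// This runs in the browser and is only a usability layer: the server must still
// validate the submitted values and encode output.
// usage: $("#elementID").jqNoXSS(settings);
//
// settings (all optional):
//   msg_error    - form-level message text; inserted as raw HTML into
//                  #vMessages, so it must be trusted markup
//   msg_xss      - per-field message text; also inserted as raw HTML
//   alphanumeric - allow \w (letters, digits and underscore)
//   spaces       - allow \s
//   underscores, periods, hyphens, doublequotes, singlequotes, pluses, atsymbol
//                - allow the respective character
//   otherchar    - additional allowed characters in regular-expression
//                  character-class syntax, e.g. "\\&"; it is spliced into the
//                  pattern unescaped, so only developer-controlled values
//                  belong here
// returns: this (the jQuery set), so the call can be chained
jQuery.fn.jqNoXSS = function(settings) {
	settings = jQuery.extend({
		msg_error    : "Please address the errors noted below",
		msg_xss      : "Only alphanumeric and spaces allowed",
		alphanumeric :  true,
		spaces       :  true,
		underscores  :  false,
		periods      :  false,
		hyphens      :  false,
		doublequotes :  false,
		singlequotes :  false,
		pluses       :  false,
		atsymbol     :  false,
		otherchar    : "" // additional characters, in regular expression format, e.g., "\\&"
		}, settings);

	// Build the "illegal character" class once: it depends only on settings,
	// not on the field being checked. Building it per field and appending to
	// the same string (as before) meant that from the second field on the
	// pattern was "[^...][^...]..." and only matched runs of illegal
	// characters, letting single illegal characters through.
	var legalChar = "[^";
	if (settings.alphanumeric) legalChar += "\\w";
	if (settings.spaces)       legalChar += "\\s";
	if (settings.underscores)  legalChar += "\\_";
	if (settings.periods)      legalChar += "\\.";
	if (settings.hyphens)      legalChar += "\\-";
	if (settings.doublequotes) legalChar += "\\\"";
	if (settings.singlequotes) legalChar += "\\'";
	if (settings.pluses)       legalChar += "\\+";
	if (settings.atsymbol)     legalChar += "\\@";
	legalChar += settings.otherchar + "]";
	// With every option off and otherchar empty this is "[^]", which in
	// JavaScript matches any character, i.e. every non-empty field is rejected.
	var xssreg = new RegExp(legalChar);

	this.submit(function() {
		var hasErrors = false;
		var frm       = $(this).attr("id");
		var MSG_ERROR = "<p class=\"systemMessage msgLevelError errXSS1\">" + settings.msg_error + "...</p>";
		var MSG_XSS   = "<span class=\"msgLevelError errXSS2\">" + settings.msg_xss + ".</span>";

		// reset all xss-related messages and indications
		xssReset();

		// text, password, and textarea fields
		$("#" + frm).find(":text.checkXSS, :password.checkXSS, textarea.checkXSS").each(function() {
			var field = $(this);
			if (field.val() == "") return;

			// trim extra space from beginning and end of string
			var value = $.trim(field.val());
			field.val(value);

			if (xssreg.test(value)) {
				field.css("borderColor", "#C33")
					.siblings("label").removeClass("valid")
					.parent("li").addClass("errorRow").append(MSG_XSS);
				hasErrors = true;
			}
		});

		// return or submit
		if (!hasErrors) {
			return true;
		}
		if ($("#vMessages").length) {
			$("#vMessages").append(MSG_ERROR);
		} else {
			alert(settings.msg_error + ":\n\n" + settings.msg_xss + " in noted fields.");
		}
		window.scrollTo(0, 0);
		return false;
	});

	return this;
};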

