# HG changeset patch # User Søren Løvborg # Date 1489606778 -3600 # Node ID bacc854a3853481a203b378170e4be1e3c8abe64 # Parent 0dbf225439ed883519851c3baec8a0e7e399c2ab templates: addPermAction JS escaping bugfix (by eliminating expansion bugfix) In 33b71a130b16, the addPermAction template was incorrectly escaped via h.jshtml, where it should've been plain h.js. Instead of merely fixing the escaping, refactor the code to completely remove the need for escaping anything, by avoiding the template variable expansion inside the JavaScript. diff -r 0dbf225439ed -r bacc854a3853 kallithea/public/js/base.js --- a/kallithea/public/js/base.js Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/public/js/base.js Wed Mar 15 20:39:38 2017 +0100 @@ -1333,10 +1333,23 @@ } -var addPermAction = function(_html, users_list, groups_list){ +function addPermAction(perm_type, users_list, groups_list) { + var template = + '' + + '' + + '' + + '' + + '' + + '
' + + '' + + '' + + '
' + + '
' + + '' + + ''; var $last_node = $('.last_new_member').last(); // empty tr between last and add var next_id = $('.new_members').length; - $last_node.before($('').append(_html.format(next_id))); + $last_node.before($('').append(template.format(next_id, perm_type))); MembersAutoComplete($("#perm_new_member_name_"+next_id), $("#perm_container_"+next_id), users_list, groups_list); } diff -r 0dbf225439ed -r bacc854a3853 kallithea/templates/admin/repo_groups/repo_group_edit_perms.html --- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Wed Mar 15 20:39:38 2017 +0100 @@ -73,23 +73,7 @@ %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -133,7 +117,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('group', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); diff -r 0dbf225439ed -r bacc854a3853 kallithea/templates/admin/repos/repo_edit_permissions.html --- a/kallithea/templates/admin/repos/repo_edit_permissions.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/repos/repo_edit_permissions.html Wed Mar 15 20:39:38 2017 +0100 @@ -70,23 +70,7 @@ %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -119,7 +103,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('repository', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); diff -r 0dbf225439ed -r bacc854a3853 kallithea/templates/admin/user_groups/user_group_edit_perms.html --- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html Wed Mar 15 20:39:38 2017 +0100 @@ -73,23 +73,7 @@ %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -122,7 +106,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('usergroup', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); });