Mercurial > kallithea
changeset 6541:bacc854a3853
templates: addPermAction JS escaping bugfix (by eliminating expansion bugfix)
In 33b71a130b16, the addPermAction template was incorrectly escaped via
h.jshtml, where it should've been plain h.js.
Instead of merely fixing the escaping, refactor the code to completely
remove the need for escaping anything, by avoiding the template variable
expansion inside the JavaScript.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Wed, 15 Mar 2017 20:39:38 +0100 |
parents | 0dbf225439ed |
children | 62ac1470b748 |
files | kallithea/public/js/base.js kallithea/templates/admin/repo_groups/repo_group_edit_perms.html kallithea/templates/admin/repos/repo_edit_permissions.html kallithea/templates/admin/user_groups/user_group_edit_perms.html |
diffstat | 4 files changed, 21 insertions(+), 56 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/public/js/base.js Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/public/js/base.js Wed Mar 15 20:39:38 2017 +0100 @@ -1333,10 +1333,23 @@ } -var addPermAction = function(_html, users_list, groups_list){ +function addPermAction(perm_type, users_list, groups_list) { + var template = + '<td><input type="radio" value="{1}.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' + + '<td><input type="radio" value="{1}.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' + + '<td><input type="radio" value="{1}.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' + + '<td><input type="radio" value="{1}.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' + + '<td class="ac">' + + '<div class="perm_ac" id="perm_ac_{0}">' + + '<input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text">' + + '<input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">' + + '<div id="perm_container_{0}"></div>' + + '</div>' + + '</td>' + + '<td></td>'; var $last_node = $('.last_new_member').last(); // empty tr between last and add var next_id = $('.new_members').length; - $last_node.before($('<tr class="new_members">').append(_html.format(next_id))); + $last_node.before($('<tr class="new_members">').append(template.format(next_id, perm_type))); MembersAutoComplete($("#perm_new_member_name_"+next_id), $("#perm_container_"+next_id), users_list, groups_list); }
--- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Wed Mar 15 20:39:38 2017 +0100 @@ -73,23 +73,7 @@ </td> </tr> %endfor - - <% - _tmpl = """\ - <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="group.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td class="ac"> \ - <div class="perm_ac" id="perm_ac_{0}"> \ - <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \ - <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden"> \ - <div id="perm_container_{0}"></div> \ - </div> \ - </td> \ - <td></td>""" - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr> <tr> <td colspan="6"> @@ -133,7 +117,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('group', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); </script>
--- a/kallithea/templates/admin/repos/repo_edit_permissions.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/repos/repo_edit_permissions.html Wed Mar 15 20:39:38 2017 +0100 @@ -70,23 +70,7 @@ </td> </tr> %endfor - - <% - _tmpl = """\ - <td><input type="radio" value="repository.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="repository.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="repository.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="repository.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td class="ac"> \ - <div class="perm_ac" id="perm_ac_{0}"> \ - <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \ - <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden"> \ - <div id="perm_container_{0}"></div> \ - </div> \ - </td> \ - <td></td>""" - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr> <tr> <td colspan="6"> @@ -119,7 +103,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('repository', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); </script>
--- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html Sat Mar 25 17:35:46 2017 +0900 +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html Wed Mar 15 20:39:38 2017 +0100 @@ -73,23 +73,7 @@ </td> </tr> %endfor - - <% - _tmpl = """\ - <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="usergroup.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="usergroup.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td><input type="radio" value="usergroup.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \ - <td class="ac"> \ - <div class="perm_ac" id="perm_ac_{0}"> \ - <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \ - <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden"> \ - <div id="perm_container_{0}"></div> \ - </div> \ - </td> \ - <td></td>""" - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr> <tr> <td colspan="6"> @@ -122,7 +106,7 @@ $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('usergroup', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); </script>