# HG changeset patch # User Søren Løvborg # Date 2017-03-15 20:39:38 # Node ID bacc854a3853481a203b378170e4be1e3c8abe64 # Parent 0dbf225439ed883519851c3baec8a0e7e399c2ab templates: addPermAction JS escaping bugfix (by eliminating expansion bugfix) In 33b71a130b16, the addPermAction template was incorrectly escaped via h.jshtml, where it should've been plain h.js. Instead of merely fixing the escaping, refactor the code to completely remove the need for escaping anything, by avoiding the template variable expansion inside the JavaScript. diff --git a/kallithea/public/js/base.js b/kallithea/public/js/base.js --- a/kallithea/public/js/base.js +++ b/kallithea/public/js/base.js @@ -1333,10 +1333,23 @@ var PullRequestAutoComplete = function ( } -var addPermAction = function(_html, users_list, groups_list){ +function addPermAction(perm_type, users_list, groups_list) { + var template = + '' + + '' + + '' + + '' + + '' + + '
' + + '' + + '' + + '
' + + '
' + + '' + + ''; var $last_node = $('.last_new_member').last(); // empty tr between last and add var next_id = $('.new_members').length; - $last_node.before($('').append(_html.format(next_id))); + $last_node.before($('').append(template.format(next_id, perm_type))); MembersAutoComplete($("#perm_new_member_name_"+next_id), $("#perm_container_"+next_id), users_list, groups_list); } diff --git a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html --- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html @@ -73,23 +73,7 @@ ${h.form(url('edit_repo_group_perms', gr %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -133,7 +117,7 @@ ${h.end_form()} $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('group', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); diff --git a/kallithea/templates/admin/repos/repo_edit_permissions.html b/kallithea/templates/admin/repos/repo_edit_permissions.html --- a/kallithea/templates/admin/repos/repo_edit_permissions.html +++ b/kallithea/templates/admin/repos/repo_edit_permissions.html @@ -70,23 +70,7 @@ ${h.form(url('edit_repo_perms_update', r %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -119,7 +103,7 @@ ${h.end_form()} $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('repository', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); }); diff --git a/kallithea/templates/admin/user_groups/user_group_edit_perms.html b/kallithea/templates/admin/user_groups/user_group_edit_perms.html --- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html @@ -73,23 +73,7 @@ ${h.form(url('edit_user_group_perms_upda %endfor - - <% - _tmpl = """\ - \ - \ - \ - \ - \ -
\ - \ - \ -
\ -
\ - \ - """ - %> - ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl' + ## New entries added by addPermAction here. @@ -122,7 +106,7 @@ ${h.end_form()} $('#add_perm_input').hide(); } $('#add_perm').click(function () { - addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); + addPermAction('usergroup', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)}); }); });