BibDocFile: better JS washing in web UI

Authored by Jerome Caffaro <jerome.caffaro@cern.ch> on Feb 5 2013, 15:01.

Description

BibDocFile: better JS washing in web UI

  • Better clean values in File Management Interface, prior to using them as JavaScript strings.
  • Escape document type and descriptions for HTML.
  • Moved most JavaScript parameters out of 'onclick' attribute, in order to preserve double-quotes (instead of required transformation to &quot;).
  • Some issue still exists for filenames with line feeds (\n) or carriage returns (\r), as browsers will transform these values into \r\n, making it impossible to match the corresponding bibdoc. One would have to change the code to rely on some bibdoc ID instead of bibdocname to match bibdocs.
  • Also escaped docnames in /files tab.
  • Also prevent use of forbidden chars when renaming a file.

Tested-by: Tibor Simko <tibor.simko@cern.ch>
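
An added illustration, not code from this commit or from Invenio, of the two escaping layers the message describes and of its line-break caveat. `selectDoc`, `docParams` and all function names are hypothetical.

```python
import html
import json

def js_string_literal(value):
    """Encode value as a JS string literal that is safe inside a <script> block."""
    literal = json.dumps(value)  # handles ", \, \n, \r and non-ASCII
    # Stop the HTML parser from seeing markup such as </script> in the literal.
    for raw, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(raw, esc)
    return literal

def render_inline(docname):
    """JS parameter inside onclick: JS-encode first, then HTML-encode the attribute."""
    call = "selectDoc(%s)" % js_string_literal(docname)  # selectDoc is hypothetical
    return '<a href="#" onclick="%s">%s</a>' % (
        html.escape(call, quote=True), html.escape(docname, quote=False))

def render_detached(docnames):
    """Parameters kept in a script block; onclick only carries an integer index."""
    params = ", ".join(js_string_literal(name) for name in docnames)
    script = "<script>var docParams = [%s];</script>" % params  # hypothetical name
    links = "".join(
        '<a href="#" onclick="selectDoc(docParams[%d])">%s</a>'
        % (i, html.escape(name, quote=False)) for i, name in enumerate(docnames))
    return script + links

def matches_after_submit(docname):
    """Simulate a browser normalising line breaks to CRLF in a submitted value."""
    submitted = docname.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\r\n")
    return submitted == docname

if __name__ == "__main__":
    hostile = 'a"b</script><img src=x>'  # constructed sample docname
    print(render_inline(hostile))
    print(render_detached([hostile]))
    print(matches_after_submit("line\nfeed.txt"))
```

In the inline form every double quote of the JavaScript literal becomes `&quot;`, while the detached form keeps them as written and leaves only an integer in the attribute.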

Details

Committed
Tibor Simko <tibor.simko@cern.ch> Feb 25 2013, 16:20
Parents
R3600:578b148dccef: I18N: updates to Catalan and Spanish translations
Branches
Unknown
Tags
Unknown

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:cd88d4ca8b42: BibDocFile: better JS washing in web UI (authored by Jerome Caffaro <jerome.caffaro@cern.ch>). Feb 25 2013, 16:20