0x2620
/
pandora
2
1
Fork 1
Code Issues 1.3k Pull Requests Releases Wiki Activity

simplify list dialog title (fixes #754), update list title in toolbar on name change (fixes #753) and fix a potention JS injection vulnerability by HTML-encoding the value of the list title

This commit is contained in:
rolux 2012-04-19 08:29:38 +00:00
parent 429bbe53f6
commit 545a5527a9
3 changed files with 34 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
static/js/pandora/listDialog.js
View File

@ -17,30 +17,28 @@ pandora.ui.listDialog = function(section) {
Ox.getObjectById(tabs, section).selected = true;
pandora.$ui.listDialogTabPanel = Ox.TabPanel({
content: function(id) {
if (id == 'general') {
return pandora.ui.listGeneralPanel(listData);
} else if (id == 'icon') {
return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData);
} else if (id == 'query') {
return pandora.$ui.filterForm = pandora.ui.filterForm(listData);
content: function(id) {
if (id == 'general') {
return pandora.ui.listGeneralPanel(listData);
} else if (id == 'icon') {
return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData);
} else if (id == 'query') {
return pandora.$ui.filterForm = pandora.ui.filterForm(listData);
}
},
tabs: tabs
})
.bindEvent({
change: function(data) {
var width = getWidth(data.selected);
$dialog.options({
maxWidth: width,
minWidth: width
});
$dialog.setSize(width, 312);
$findElement[data.selected == 'icon' ? 'show' : 'hide']();
}
},
tabs: tabs
})
.bindEvent({
change: function(data) {
var width = getWidth(data.selected);
$dialog.options({
maxWidth: width,
minWidth: width,
title: 'Smart List - ' + listData.name + ' - '
+ Ox.getObjectById(tabs, data.selected).title
});
$dialog.setSize(width, 312);
$findElement[data.selected == 'icon' ? 'show' : 'hide']();
}
});
});
pandora.$ui.listDialogTabPanel.$element.find('.OxButtonGroup').css({width: '256px'});
var $findElement = Ox.FormElementGroup({
@ -109,7 +107,7 @@ pandora.ui.listDialog = function(section) {
height: 312,
// keys: {enter: 'save', escape: 'cancel'},
removeOnClose: true,
title: 'List - ' + Ox.encodeHTMLEntities(listData.name),
title: 'List — ' + Ox.encodeHTMLEntities(listData.name),
width: width
});
@ -245,7 +243,7 @@ pandora.ui.listGeneralPanel = function(listData) {
Ox.Request.clearCache('findLists');
pandora.$ui.info.updateListInfo();
pandora.$ui.listDialog.options({
title: 'List - ' + Ox.encodeHTMLEntities(listData.name) + ' - General'
title: 'List — ' + Ox.encodeHTMLEntities(listData.name)
});
}
});

18
static/js/pandora/toolbar.js
View File

@ -26,7 +26,7 @@ pandora.ui.toolbar = function() {
!ui.item
? pandora.$ui.listTitle = Ox.Label({
textAlign: 'center',
title: '<b>' + getListName() + '</b>'
title: getListName(pandora.user.ui._list)
})
.css({
position: 'absolute',
@ -46,9 +46,6 @@ pandora.ui.toolbar = function() {
width: 'auto'
})
.hide()
);
ui.item && that.append(
);
that.append(
pandora.$ui.findElement = pandora.ui.findElement()
@ -76,16 +73,21 @@ pandora.ui.toolbar = function() {
}
}
});
function getListName() {
return pandora.user.ui._list == ''
? 'All ' + pandora.site.itemName.plural
: pandora.user.ui._list.substr(pandora.user.ui._list.indexOf(':') + 1);
function getListName(listId) {
return '<b>' + (
listId == ''
? 'All ' + pandora.site.itemName.plural
: Ox.encodeHTMLEntities(listId.substr(listId.indexOf(':') + 1))
) + '</b>';
}
function getListTitleLeft() {
return 320 - (
['map', 'calendar'].indexOf(pandora.user.ui.listView) > -1 ? 168 : 0
);
}
that.updateListName = function(listId) {
pandora.$ui.listTitle.options({title: getListName(listId)});
};
return that;
};

1
static/js/pandora/utils.js
View File

@ -977,6 +977,7 @@ pandora.renameList = function(oldId, newId, newName, folder) {
folder = folder || pandora.getListData(oldId).folder;
pandora.$ui.folderList[folder].value(oldId, 'name', newName);
pandora.$ui.folderList[folder].value(oldId, 'id', newId);
pandora.$ui.toolbar.updateListName(newId);
pandora.UI.set({
find: {
conditions: [{key: 'list', value: newId, operator: '=='}],