From 545a5527a935a51ead6750b9dd4656e64d38ff3c Mon Sep 17 00:00:00 2001
From: rolux
Date: Thu, 19 Apr 2012 08:29:38 +0000
Subject: [PATCH] simplify list dialog title (fixes #754), update list title in toolbar on name change (fixes #753) and fix a potention JS injection vulnerability by HTML-encoding the value of the list title
---
 static/js/pandora/listDialog.js | 48 ++++++++++++++++-----------------
 static/js/pandora/toolbar.js | 18 +++++++------
 static/js/pandora/utils.js | 1 +
 3 files changed, 34 insertions(+), 33 deletions(-)
diff --git a/static/js/pandora/listDialog.js b/static/js/pandora/listDialog.js
index 466ce1f3..30b6d082 100644
--- a/static/js/pandora/listDialog.js
+++ b/static/js/pandora/listDialog.js
@@ -17,30 +17,28 @@ pandora.ui.listDialog = function(section) { Ox.getObjectById(tabs, section).selected = true; pandora.$ui.listDialogTabPanel = Ox.TabPanel({ - content: function(id) { - if (id == 'general') { - return pandora.ui.listGeneralPanel(listData); - } else if (id == 'icon') { - return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData); - } else if (id == 'query') { - return pandora.$ui.filterForm = pandora.ui.filterForm(listData); + content: function(id) { + if (id == 'general') { + return pandora.ui.listGeneralPanel(listData); + } else if (id == 'icon') { + return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData); + } else if (id == 'query') { + return pandora.$ui.filterForm = pandora.ui.filterForm(listData); + } + }, + tabs: tabs + }) + .bindEvent({ + change: function(data) { + var width = getWidth(data.selected); + $dialog.options({ + maxWidth: width, + minWidth: width + }); + $dialog.setSize(width, 312); + $findElement[data.selected == 'icon' ? 'show' : 'hide'](); } - }, - tabs: tabs - }) - .bindEvent({ - change: function(data) { - var width = getWidth(data.selected); - $dialog.options({ - maxWidth: width, - minWidth: width, - title: 'Smart List - ' + listData.name + ' - ' - + Ox.getObjectById(tabs, data.selected).title - }); - $dialog.setSize(width, 312); - $findElement[data.selected == 'icon' ? 'show' : 'hide'](); - } - }); + }); pandora.$ui.listDialogTabPanel.$element.find('.OxButtonGroup').css({width: '256px'}); var $findElement = Ox.FormElementGroup({ @@ -109,7 +107,7 @@ pandora.ui.listDialog = function(section) { height: 312, // keys: {enter: 'save', escape: 'cancel'}, removeOnClose: true, - title: 'List - ' + Ox.encodeHTMLEntities(listData.name), + title: 'List — ' + Ox.encodeHTMLEntities(listData.name), width: width }); 
@@ -245,7 +243,7 @@ pandora.ui.listGeneralPanel = function(listData) { Ox.Request.clearCache('findLists'); pandora.$ui.info.updateListInfo(); pandora.$ui.listDialog.options({ - title: 'List - ' + Ox.encodeHTMLEntities(listData.name) + ' - General' + title: 'List — ' + Ox.encodeHTMLEntities(listData.name) }); } }); diff --git a/static/js/pandora/toolbar.js b/static/js/pandora/toolbar.js index a9289bc4..0e88ba29 100644 --- a/static/js/pandora/toolbar.js +++ b/static/js/pandora/toolbar.js @@ -26,7 +26,7 @@ pandora.ui.toolbar = function() { !ui.item ? pandora.$ui.listTitle = Ox.Label({ textAlign: 'center', - title: '' + getListName() + '' + title: getListName(pandora.user.ui._list) }) .css({ position: 'absolute', @@ -46,9 +46,6 @@ pandora.ui.toolbar = function() { width: 'auto' }) .hide() - ); - ui.item && that.append( - ); that.append( pandora.$ui.findElement = pandora.ui.findElement() @@ -76,16 +73,21 @@ pandora.ui.toolbar = function() { } } }); - function getListName() { - return pandora.user.ui._list == '' - ? 'All ' + pandora.site.itemName.plural - : pandora.user.ui._list.substr(pandora.user.ui._list.indexOf(':') + 1); + function getListName(listId) { + return '' + ( + listId == '' + ? 'All ' + pandora.site.itemName.plural + : Ox.encodeHTMLEntities(listId.substr(listId.indexOf(':') + 1)) + ) + ''; } function getListTitleLeft() { return 320 - ( ['map', 'calendar'].indexOf(pandora.user.ui.listView) > -1 ? 168 : 0 ); } + that.updateListName = function(listId) { + pandora.$ui.listTitle.options({title: getListName(listId)}); + }; return that; }; diff --git a/static/js/pandora/utils.js b/static/js/pandora/utils.js index b072f40a..98e13d90 100644 --- a/static/js/pandora/utils.js +++ b/static/js/pandora/utils.js 
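Review bot: `that.updateListName` at the end of the last toolbar.js hunk writes to `pandora.$ui.listTitle` unconditionally, but the first toolbar.js hunk shows that label being created only in the `!ui.item` branch. If a rename happens while an item is displayed, `pandora.$ui.listTitle` may be undefined or may belong to an earlier toolbar instance (not visible from here), so the new call in `pandora.renameList` (utils.js hunk) could throw before `pandora.UI.set` runs or update a detached element. A guard such as `pandora.$ui.listTitle && pandora.$ui.listTitle.options({title: getListName(listId)});` would make the call safe. Since the commit message describes the encoding as an injection fix, `getListName` should also carry a comment like `// title is rendered as HTML; the list name is user input and must stay entity-encoded`, so the `Ox.encodeHTMLEntities` call is not dropped in a later refactor. The body of `pandora.ui.toolbar` starts outside the hunk.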
@@ -977,6 +977,7 @@ pandora.renameList = function(oldId, newId, newName, folder) {
 folder = folder || pandora.getListData(oldId).folder;
 pandora.$ui.folderList[folder].value(oldId, 'name', newName);
 pandora.$ui.folderList[folder].value(oldId, 'id', newId);
+ pandora.$ui.toolbar.updateListName(newId);
 pandora.UI.set({
 find: {
 conditions: [{key: 'list', value: newId, operator: '=='}],