simplify list dialog title (fixes #754), update list title in toolbar on name change (fixes #753) and fix a potention JS injection vulnerability by HTML-encoding the value of the list title

This commit is contained in:
rolux 2012-04-19 08:29:38 +00:00
parent 429bbe53f6
commit 545a5527a9
3 changed files with 34 additions and 33 deletions

View file

@ -17,30 +17,28 @@ pandora.ui.listDialog = function(section) {
Ox.getObjectById(tabs, section).selected = true; Ox.getObjectById(tabs, section).selected = true;
pandora.$ui.listDialogTabPanel = Ox.TabPanel({ pandora.$ui.listDialogTabPanel = Ox.TabPanel({
content: function(id) { content: function(id) {
if (id == 'general') { if (id == 'general') {
return pandora.ui.listGeneralPanel(listData); return pandora.ui.listGeneralPanel(listData);
} else if (id == 'icon') { } else if (id == 'icon') {
return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData); return pandora.$ui.listIconPanel = pandora.ui.listIconPanel(listData);
} else if (id == 'query') { } else if (id == 'query') {
return pandora.$ui.filterForm = pandora.ui.filterForm(listData); return pandora.$ui.filterForm = pandora.ui.filterForm(listData);
}
},
tabs: tabs
})
.bindEvent({
change: function(data) {
var width = getWidth(data.selected);
$dialog.options({
maxWidth: width,
minWidth: width
});
$dialog.setSize(width, 312);
$findElement[data.selected == 'icon' ? 'show' : 'hide']();
} }
}, });
tabs: tabs
})
.bindEvent({
change: function(data) {
var width = getWidth(data.selected);
$dialog.options({
maxWidth: width,
minWidth: width,
title: 'Smart List - ' + listData.name + ' - '
+ Ox.getObjectById(tabs, data.selected).title
});
$dialog.setSize(width, 312);
$findElement[data.selected == 'icon' ? 'show' : 'hide']();
}
});
pandora.$ui.listDialogTabPanel.$element.find('.OxButtonGroup').css({width: '256px'}); pandora.$ui.listDialogTabPanel.$element.find('.OxButtonGroup').css({width: '256px'});
var $findElement = Ox.FormElementGroup({ var $findElement = Ox.FormElementGroup({
@ -109,7 +107,7 @@ pandora.ui.listDialog = function(section) {
height: 312, height: 312,
// keys: {enter: 'save', escape: 'cancel'}, // keys: {enter: 'save', escape: 'cancel'},
removeOnClose: true, removeOnClose: true,
title: 'List - ' + Ox.encodeHTMLEntities(listData.name), title: 'List — ' + Ox.encodeHTMLEntities(listData.name),
width: width width: width
}); });
@ -245,7 +243,7 @@ pandora.ui.listGeneralPanel = function(listData) {
Ox.Request.clearCache('findLists'); Ox.Request.clearCache('findLists');
pandora.$ui.info.updateListInfo(); pandora.$ui.info.updateListInfo();
pandora.$ui.listDialog.options({ pandora.$ui.listDialog.options({
title: 'List - ' + Ox.encodeHTMLEntities(listData.name) + ' - General' title: 'List — ' + Ox.encodeHTMLEntities(listData.name)
}); });
} }
}); });

View file

@ -26,7 +26,7 @@ pandora.ui.toolbar = function() {
!ui.item !ui.item
? pandora.$ui.listTitle = Ox.Label({ ? pandora.$ui.listTitle = Ox.Label({
textAlign: 'center', textAlign: 'center',
title: '<b>' + getListName() + '</b>' title: getListName(pandora.user.ui._list)
}) })
.css({ .css({
position: 'absolute', position: 'absolute',
@ -46,9 +46,6 @@ pandora.ui.toolbar = function() {
width: 'auto' width: 'auto'
}) })
.hide() .hide()
);
ui.item && that.append(
); );
that.append( that.append(
pandora.$ui.findElement = pandora.ui.findElement() pandora.$ui.findElement = pandora.ui.findElement()
@ -76,16 +73,21 @@ pandora.ui.toolbar = function() {
} }
} }
}); });
function getListName() { function getListName(listId) {
return pandora.user.ui._list == '' return '<b>' + (
? 'All ' + pandora.site.itemName.plural listId == ''
: pandora.user.ui._list.substr(pandora.user.ui._list.indexOf(':') + 1); ? 'All ' + pandora.site.itemName.plural
: Ox.encodeHTMLEntities(listId.substr(listId.indexOf(':') + 1))
) + '</b>';
} }
function getListTitleLeft() { function getListTitleLeft() {
return 320 - ( return 320 - (
['map', 'calendar'].indexOf(pandora.user.ui.listView) > -1 ? 168 : 0 ['map', 'calendar'].indexOf(pandora.user.ui.listView) > -1 ? 168 : 0
); );
} }
that.updateListName = function(listId) {
pandora.$ui.listTitle.options({title: getListName(listId)});
};
return that; return that;
}; };

View file

@ -977,6 +977,7 @@ pandora.renameList = function(oldId, newId, newName, folder) {
folder = folder || pandora.getListData(oldId).folder; folder = folder || pandora.getListData(oldId).folder;
pandora.$ui.folderList[folder].value(oldId, 'name', newName); pandora.$ui.folderList[folder].value(oldId, 'name', newName);
pandora.$ui.folderList[folder].value(oldId, 'id', newId); pandora.$ui.folderList[folder].value(oldId, 'id', newId);
pandora.$ui.toolbar.updateListName(newId);
pandora.UI.set({ pandora.UI.set({
find: { find: {
conditions: [{key: 'list', value: newId, operator: '=='}], conditions: [{key: 'list', value: newId, operator: '=='}],