[GEOS-11370] Refactor inline JavaScript in the TestWfsPost Page

src/main/src/main/java/applicationContext.xml

@@ -221,6 +221,7 @@
      <property name="mappings">
        <props>
         <prop key="/schemas/**">classpathPublisher</prop>
+        <prop key="/webresources/**">classpathPublisher</prop>
         <prop key="/j_acegi_security_check">classpathPublisher</prop>
         <prop key="/j_spring_security_check">classpathPublisher</prop>
         <prop key="/login">classpathPublisher</prop>

src/wfs/src/main/java/org/vfny/geoserver/wfs/servlets/TestWfsPost.java

@@ -23,6 +23,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.text.StringEscapeUtils;
 import org.geoserver.config.GeoServer;
 import org.geoserver.ows.util.ResponseUtils;
 import org.geoserver.platform.GeoServerExtensions;
@@ -114,38 +115,17 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
             out.println("<head>");
             out.println("<title>TestWfsPost</title>");
             out.println("</head>");
-            out.println("<script language=\"JavaScript\">");
-            out.println("function doNothing() {");
-            out.println("}");
-            out.println("function sendRequest() {");
-            out.println("  if (checkURL()==true) {");
-            out.print("    document.frm.action = \"");
-            out.print(urlInfo.toString());
-            out.print("\";\n");
-            out.println("    document.frm.target = \"_blank\";");
-            out.println("    document.frm.submit();");
-            out.println("  }");
-            out.println("}");
-            out.println("function checkURL() {");
-            out.println("  if (document.frm.url.value==\"\") {");
-            out.println("    alert(\"Please give URL before you sumbit this form!\");");
-            out.println("    return false;");
-            out.println("  } else {");
-            out.println("    return true;");
-            out.println("  }");
-            out.println("}");
-            out.println("function clearRequest() {");
-            out.println("document.frm.body.value = \"\";");
-            out.println("}");
-            out.println("</script>");
+            out.println("<script src=\"webresources/wfs/TestWfsPost.js\"></script>");
             out.println("<body>");
-            out.println("<form name=\"frm\" action=\"JavaScript:doNothing()\" method=\"POST\">");
+            out.print("<form name=\"frm\" action=\"");
+            out.print(StringEscapeUtils.escapeHtml4(urlInfo.toString()));
+            out.println("\" method=\"POST\" target=\"_blank\">");
             out.println(
                     "<table align=\"center\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">");
             out.println("<tr>");
             out.println("<td><b>URL:</b></td>");
             out.print("<td><input name=\"url\" value=\"");
-            out.print(geoserverUrl);
+            out.print(StringEscapeUtils.escapeHtml4(geoserverUrl));
             out.print("/wfs/GetFeature\" size=\"70\" MAXLENGTH=\"100\"/></td>\n");
             out.println("</tr>");
             out.println("<tr>");
@@ -155,10 +135,8 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
             out.println("</table>");
             out.println("<table align=\"center\">");
             out.println("<tr>");
-            out.println(
-                    "<td><input type=\"button\" value=\"Clear\" onclick=\"clearRequest()\"></td>");
-            out.println(
-                    "<td><input type=\"button\" value=\"Submit\" onclick=\"sendRequest()\"></td>");
+            out.println("<td><input id=\"clearButton\" type=\"button\" value=\"Clear\"></td>");
+            out.println("<td><input id=\"submitButton\" type=\"button\" value=\"Submit\"></td>");
             out.println("<td></td>");
             out.println("</tr>");
             out.println("</table>");

src/wfs/src/main/resources/webresources/wfs/TestWfsPost.js

@@ -0,0 +1,13 @@
+
+window.onload = function() {
+    document.getElementById('submitButton').onclick = function() {
+        if (document.frm.url.value == '') {
+            alert('Please give URL before you sumbit this form!');
+        } else {
+            document.frm.submit();
+        }
+    };
+    document.getElementById('clearButton').onclick = function() {
+        document.frm.body.value = '';
+    };
+};

src/wfs/src/test/java/org/vfny/geoserver/wfs/servlets/TestWfsPostTest.java

@@ -4,8 +4,9 @@
  */
 package org.vfny.geoserver.wfs.servlets;
 
-import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -256,6 +257,20 @@ protected GeoServer getGeoServer() {
         assertEquals("https://foo.com/geoserver", servlet.getProxyBaseURL());
     }
 
+    @Test
+    public void testRemovedInlineJavaScript() throws Exception {
+        TestWfsPost servlet = buildMockServlet();
+        MockHttpServletRequest request = buildMockRequest();
+        request.setMethod("GET");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        servlet.service(request, response);
+        String result = response.getContentAsString();
+        assertThat(
+                result,
+                containsString("<script src=\"webresources/wfs/TestWfsPost.js\"></script>"));
+        assertThat(result, not(containsString("<script language=\"JavaScript\">")));
+    }
+
     @SuppressWarnings("PMD.AvoidUsingHardCodedIP")
     protected static MockHttpServletRequest buildMockRequest() {
         MockHttpServletRequest request = new MockHttpServletRequest();