

A large assortment of escaping fixes to primarily grids and javascrip…
…t templating, and one bad-data-ingress fix (copy history name).
dannon committed Nov 20, 2015
1 parent eb16ba3 commit 0fdca7d
Showing 46 changed files with 139 additions and 114 deletions.
@@ -43,7 +43,7 @@ var DatasetCollectionElementView = Backbone.View.extend( BASE_MVC.LoggableMixin
//TODO: lots of unused space in the element - possibly load details and display them horiz.
template : _.template([
'<a class="name" title="', _l( 'Click to rename' ), '" href="javascript:void(0)">',
'<%= element.name %>',
'<%- element.name %>',
'</a>',
'<button class="discard btn btn-sm" title="', _l( 'Remove this dataset from the list' ), '">',
_l( 'Discard' ),
@@ -925,7 +925,7 @@ var ListCollectionCreator = Backbone.View.extend( BASE_MVC.LoggableMixin ).exten
invalidElements : _.template([
_l( 'The following selections could not be included due to problems:' ),
'<ul><% _.each( problems, function( problem ){ %>',
'<li><b><%= problem.element.name %></b>: <%= problem.text %></li>',
'<li><b><%- problem.element.name %></b>: <%- problem.text %></li>',
'<% }); %></ul>'
].join('')),

@@ -945,7 +945,7 @@ var ListCollectionCreator = Backbone.View.extend( BASE_MVC.LoggableMixin ).exten
'<% if( _.size( problems ) ){ %>',
_l( 'The following selections could not be included due to problems' ), ':',
'<ul><% _.each( problems, function( problem ){ %>',
'<li><b><%= problem.element.name %></b>: <%= problem.text %></li>',
'<li><b><%- problem.element.name %></b>: <%- problem.text %></li>',
'<% }); %></ul>',
'<% } else if( _.size( elements ) < 1 ){ %>',
_l( 'No datasets were selected' ), '.',
@@ -30,11 +30,11 @@ var PairView = Backbone.View.extend( baseMVC.LoggableMixin ).extend({
},

template : _.template([
'<span class="forward-dataset-name flex-column"><%= pair.forward.name %></span>',
'<span class="forward-dataset-name flex-column"><%- pair.forward.name %></span>',
'<span class="pair-name-column flex-column">',
'<span class="pair-name"><%= pair.name %></span>',
'<span class="pair-name"><%- pair.name %></span>',
'</span>',
'<span class="reverse-dataset-name flex-column"><%= pair.reverse.name %></span>'
'<span class="reverse-dataset-name flex-column"><%- pair.reverse.name %></span>'
].join('')),

render : function(){
10 changes: 5 additions & 5 deletions client/galaxy/scripts/mvc/collection/pair-collection-creator.js
@@ -32,8 +32,8 @@ var PairedDatasetCollectionElementView = Backbone.View.extend( BASE_MVC.Loggable

//TODO: lots of unused space in the element - possibly load details and display them horiz.
template : _.template([
'<span class="identifier"><%= identifier %></span>',
'<span class="name"><%= element.name %></span>',
'<span class="identifier"><%- identifier %></span>',
'<span class="name"><%- element.name %></span>',
].join('')),

/** remove the DOM and any listeners */
@@ -176,15 +176,15 @@ var PairCollectionCreator = _super.extend({
'<% if( _.size( problems ) ){ %>',
_l( 'The following selections could not be included due to problems' ),
'<ul><% _.each( problems, function( problem ){ %>',
'<li><b><%= problem.element.name %></b>: <%= problem.text %></li>',
'<li><b><%- problem.element.name %></b>: <%- problem.text %></li>',
'<% }); %></ul>',
'<% } else if( _.size( elements ) === 0 ){ %>',
_l( 'No datasets were selected' ), '.',
'<% } else if( _.size( elements ) === 1 ){ %>',
_l( 'Only one dataset was selected' ), ': <%= elements[0].name %>',
_l( 'Only one dataset was selected' ), ': <%- elements[0].name %>',
'<% } else if( _.size( elements ) > 2 ){ %>',
_l( 'Too many datasets were selected' ),
': <%= _.pluck( elements, "name" ).join( ", ") %>',
': <%- _.pluck( elements, "name" ).join( ", ") %>',
'<% } %>',
'<br />',
_l( 'Two (and only two) elements are needed for the pair' ), '. ',
14 changes: 7 additions & 7 deletions client/galaxy/scripts/mvc/dataset/dataset-choice.js
@@ -249,7 +249,7 @@ var DatasetChoice = Backbone.View.extend( BASE_MVC.LoggableMixin ).extend({
_template : function( json ){
return _.template([
'<label>',
'<span class="prompt"><%= label %></span>',
'<span class="prompt"><%- label %></span>',
'<div class="selected"></div>',
'</label>'
].join(''))( json );
@@ -261,11 +261,11 @@ var DatasetChoice = Backbone.View.extend( BASE_MVC.LoggableMixin ).extend({
//TODO: break out?
return $( _.template([
'<div class="selected">',
'<span class="title"><%= selected.hid %>: <%= selected.name %></span>',
'<span class="title"><%- selected.hid %>: <%- selected.name %></span>',
'<span class="subtitle">',
'<i><%= selected.misc_blurb %></i>',
'<i>', _l( 'format' ) + ': ', '<%= selected.file_ext %></i>',
'<i><%= selected.misc_info %></i>',
'<i><%- selected.misc_blurb %></i>',
'<i>', _l( 'format' ) + ': ', '<%- selected.file_ext %></i>',
'<i><%- selected.misc_info %></i>',
'</span>',
'</div>'
].join( '' ), { variable : 'selected' })( json.selected[0] ));
@@ -388,15 +388,15 @@ var MultiDatasetChoice = DatasetChoice.extend({
'<% if( json.showHeaders ){ %>',
'<thead><tr>',
'<% _.map( json.cells, function( val, key ){ %>',
'<th><%= val %></th>',
'<th><%- val %></th>',
'<% }); %>',
'</tr></thead>',
'<% } %>',
'<tbody>',
'<% _.map( json.selected, function( selected ){ %>',
'<tr>',
'<% _.map( json.cells, function( val, key ){ %>',
'<td class="cell-<%= key %>"><%= selected[ key ] %></td>',
'<td class="cell-<%- key %>"><%- selected[ key ] %></td>',
'<% }) %>',
'</tr>',
'<% }); %>',
14 changes: 7 additions & 7 deletions client/galaxy/scripts/mvc/dataset/dataset-li-edit.js
@@ -317,7 +317,7 @@ DatasetListItemEdit.prototype.templates = (function(){
'<% if( dataset.state === "failed_metadata" ){ %>',
'<div class="failed_metadata-warning warningmessagesmall">',
_l( 'An error occurred setting the metadata for this dataset' ),
'<br /><a href="<%= dataset.urls.edit %>" target="<%= view.linkTarget %>">',
'<br /><a href="<%- dataset.urls.edit %>" target="<%- view.linkTarget %>">',
_l( 'Set it manually or retry auto-detection' ),
'</a>',
'</div>',
@@ -343,9 +343,9 @@ DatasetListItemEdit.prototype.templates = (function(){

var visualizationsTemplate = BASE_MVC.wrapTemplate([
'<% if( visualizations.length === 1 ){ %>',
'<a class="visualization-btn visualization-link icon-btn" href="<%= visualizations[0].href %>"',
' target="<%= visualizations[0].target %>" title="', _l( 'Visualize in' ),
' <%= visualizations[0].html %>">',
'<a class="visualization-btn visualization-link icon-btn" href="<%- visualizations[0].href %>"',
' target="<%- visualizations[0].target %>" title="', _l( 'Visualize in' ),
' <%- visualizations[0].html %>">',
'<span class="fa fa-bar-chart-o"></span>',
'</a>',

@@ -356,9 +356,9 @@ DatasetListItemEdit.prototype.templates = (function(){
'</a>',
'<ul class="dropdown-menu" role="menu">',
'<% _.each( visualizations, function( visualization ){ %>',
'<li><a class="visualization-link" href="<%= visualization.href %>"',
' target="<%= visualization.target %>">',
'<%= visualization.html %>',
'<li><a class="visualization-link" href="<%- visualization.href %>"',
' target="<%- visualization.target %>">',
'<%- visualization.html %>',
'</a></li>',
'<% }); %>',
'</ul>',
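Review bot: HTML-escaping the `href` values in this section (`dataset.urls.edit`, `visualizations[0].href`, `visualization.href`) keeps them from breaking out of the attribute, but it does not constrain the URL scheme, so a `javascript:` or `data:` value would still be rendered as a working link. If any of these URLs can be influenced by dataset or visualization metadata (not visible here), they should be checked against an allow-list of schemes or built as relative paths before they reach the template. Separately, the field named `visualization.html` is now entity-escaped in the link body; if it was meant to carry markup it will show as literal text, so a short comment such as `// visualization.html is treated as plain text` would record the intent. The template arrays start and end outside these hunks.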
2 changes: 1 addition & 1 deletion client/galaxy/scripts/mvc/dataset/dataset-li.js
@@ -471,7 +471,7 @@ DatasetListItemView.prototype.templates = (function(){
'<span class="display-application-location"><%- app.label %></span> ',
'<span class="display-application-links">',
'<% _.each( app.links, function( link ){ %>',
'<a target="<%= link.target %>" href="<%= link.href %>">',
'<a target="<%- link.target %>" href="<%- link.href %>">',
'<% print( _l( link.text ) ); %>',
'</a> ',
'<% }); %>',
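Review bot: `link.text` on the line after the changed anchor is still emitted through `print( _l( link.text ) )`, and Underscore's `print` writes its argument without escaping, so the link body remains the one unescaped value in this block. `'<%- _l( link.text ) %>'` would bring it in line with the `target` and `href` escaping added here. Whether `link.text` can carry user-influenced content is not visible in this hunk; the surrounding template array starts and ends outside it.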
2 changes: 1 addition & 1 deletion client/galaxy/scripts/mvc/history/copy-dialog.js
@@ -54,7 +54,7 @@ function historyCopyDialog( history, options ){
}

// maybe better as multiselect dialog?
var historyName = history.get( 'name' ),
var historyName = _.escape(history.get( 'name' )),
defaultCopyName = "Copy of '" + historyName + "'";

function copyHistory( name ){
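Review bot: Escaping `history.get( 'name' )` where it is read, rather than where it is written into markup, means the entity-encoded string flows into everything derived from `historyName`, including `defaultCopyName`. If `defaultCopyName` is later used as a form field value or sent to the server as the new history's name (that code is outside this hunk), names containing `&`, `<` or `'` would be stored or shown with literal entities such as `&amp;`, and would be escaped a second time by any template that renders them with `<%- %>`. Keeping the raw value in `historyName` and applying `_.escape` only at the point it is concatenated into HTML avoids that; at minimum a comment like `// historyName is HTML-escaped; do not send to the API or re-escape` is warranted.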
4 changes: 2 additions & 2 deletions client/galaxy/scripts/mvc/history/history-panel.js
@@ -629,10 +629,10 @@ HistoryPanel.prototype.templates = (function(){
var controlsTemplate = BASE_MVC.wrapTemplate([
'<div class="controls">',
'<div class="title">',
'<div class="name"><%= history.name %></div>',
'<div class="name"><%- history.name %></div>',
'</div>',
'<div class="subtitle"></div>',
'<div class="history-size"><%= history.nice_size %></div>',
'<div class="history-size"><%- history.nice_size %></div>',

'<div class="actions"></div>',

6 changes: 3 additions & 3 deletions client/galaxy/scripts/mvc/history/multi-panel.js
@@ -1076,13 +1076,13 @@ var MultiPanelColumns = Backbone.View.extend( baseMVC.LoggableMixin ).extend({
'<div class="order btn-group">',
'<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown">',
_l( 'Order histories by' ) + ' ',
'<span class="current-order"><%= view.orderDescriptions[ view.collection.order ] %></span> ',
'<span class="current-order"><%- view.orderDescriptions[ view.collection.order ] %></span> ',
'<span class="caret"></span>',
'</button>',
'<ul class="dropdown-menu" role="menu">',
'<% _.each( view.orderDescriptions, function( text, order ){ %>',
'<li><a href="javascript:void(0);" class="set-order" data-order="<%= order %>">',
'<%= text %>',
'<li><a href="javascript:void(0);" class="set-order" data-order="<%- order %>">',
'<%- text %>',
'</a></li>',
'<% }); %>',
'</ul>',
18 changes: 9 additions & 9 deletions client/galaxy/scripts/mvc/job/job-li.js
@@ -121,7 +121,7 @@ JobListItemView.prototype.templates = (function(){

var elTemplate = BASE_MVC.wrapTemplate([
'<div class="list-element">',
'<div class="id"><%= model.id %></div>',
'<div class="id"><%- model.id %></div>',
// errors, messages, etc.
'<div class="warnings"></div>',

@@ -161,7 +161,7 @@ JobListItemView.prototype.templates = (function(){
// ' ', _l( 'Created' ), ': <%= new Date( job.create_time ).toString() %>, ',
//'</span',
//'<span class="version">',
// ' (', _l( 'version' ), ': <%= view.tool.version %>)',
// ' (', _l( 'version' ), ': <%- view.tool.version %>)',
//'</span',
'</div>'
], 'job' );
@@ -170,20 +170,20 @@ JobListItemView.prototype.templates = (function(){
'<div class="details">',
//'<div class="version">',
// '<label class="prompt">', _l( 'Version' ), '</label>',
// '<span class="value"><%= view.tool.version %></span>',
// '<span class="value"><%- view.tool.version %></span>',
//'</div>',
'<div class="params">',
'<% _.each( view._labelInputMap(), function( input, label ){ %>',
'<div class="input" data-input-name="<%= input.name %>" data-input-id="<%= input.id %>">',
'<label class="prompt"><%= label %></label>',
'<div class="input" data-input-name="<%- input.name %>" data-input-id="<%- input.id %>">',
'<label class="prompt"><%- label %></label>',
//TODO: input dataset name
'<span class="value"><%= input.content.name %></span>',
'<span class="value"><%- input.content.name %></span>',
'</div>',
'<% }) %>',
'<% _.each( view._labelParamMap(), function( param, label ){ %>',
'<div class="param" data-input-name="<%= param.name %>">',
'<label class="prompt"><%= label %></label>',
'<span class="value"><%= param %></span>',
'<div class="param" data-input-name="<%- param.name %>">',
'<label class="prompt"><%- label %></label>',
'<span class="value"><%- param %></span>',
'</div>',
'<% }) %>',
'</div>',
8 changes: 4 additions & 4 deletions client/galaxy/scripts/mvc/list/list-panel.js
@@ -802,9 +802,9 @@ ListPanel.prototype.templates = (function(){
var controlsTemplate = BASE_MVC.wrapTemplate([
'<div class="controls">',
'<div class="title">',
'<div class="name"><%= view.title %></div>',
'<div class="name"><%- view.title %></div>',
'</div>',
'<div class="subtitle"><%= view.subtitle %></div>',
'<div class="subtitle"><%- view.subtitle %></div>',
// buttons, controls go here
'<div class="actions"></div>',
// deleted msg, etc.
@@ -943,9 +943,9 @@ ModelListPanel.prototype.templates = (function(){
'<div class="controls">',
'<div class="title">',
//TODO: this is really the only difference - consider factoring titlebar out
'<div class="name"><%= model.name %></div>',
'<div class="name"><%- model.name %></div>',
'</div>',
'<div class="subtitle"><%= view.subtitle %></div>',
'<div class="subtitle"><%- view.subtitle %></div>',
'<div class="actions"></div>',
'<div class="messages"></div>',

2 changes: 1 addition & 1 deletion client/galaxy/scripts/mvc/ui/ui-select-default.js
@@ -259,7 +259,7 @@ var View = Backbone.View.extend({
/** Template for select options
*/
_templateOption: function(options) {
return '<option value="' + options.value + '">' + options.label + '</option>';
return '<option value="' + options.value + '">' + _.escape(options.label) + '</option>';
},

/** Template for select view
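Review bot: `options.value` on the changed line in `_templateOption` is still concatenated raw into a double-quoted attribute, so a value containing `"` or `<` can end the attribute and inject markup even though the label is now escaped. The line should escape both: `return '<option value="' + _.escape(options.value) + '">' + _.escape(options.label) + '</option>';`. Whether `value` is ever user-influenced is not visible here, but escaping it is cheap and leaves plain alphanumeric ids unchanged.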
12 changes: 6 additions & 6 deletions client/toolshed/scripts/mvc/groups/group-detail-view.js
@@ -56,7 +56,7 @@ var GroupDetailView = Backbone.View.extend({
templateRow: function() {
return _.template([
'<div>',
'<h3><%= group.get("name") %></h3>',
'<h3><%= _.escape(group.get("name")) %></h3>',
'<p class="" style="color:gray;">',
'A group of <%= group.get("members").length %> members with <%= group.get("repositories").length %> repositories and a total of <%= group.get("total_downloads") %> combined repository clones.</p>',

@@ -71,10 +71,10 @@ var GroupDetailView = Backbone.View.extend({
'<% _.each(group.get("members"), function(member) { %>',
'<tr>',
'<td>',
'<%= member.username %>',
'<%= _.escape(member.username) %>',
'</td>',
'<td>',
'<a data-toggle="tooltip" data-placement="top" title="Repositories of <%= member.username %>" href="/repository/browse_repositories_by_user?user_id=<%= member.id %>&use_panels=true" id="<%= member.id %>"><%= member.user_repos_count %></a>',
'<a data-toggle="tooltip" data-placement="top" title="Repositories of <%= _.escape(member.username) %>" href="/repository/browse_repositories_by_user?user_id=<%= member.id %>&use_panels=true" id="<%= member.id %>"><%= member.user_repos_count %></a>',
'</td>',
'<td>',
'<%= member.time_created %>',
@@ -101,16 +101,16 @@ var GroupDetailView = Backbone.View.extend({
'<% _.each(group.get("repositories"), function(repo) { %>',
'<tr>',
'<td>',
'<a data-toggle="tooltip" data-placement="top" title="Details of <%= repo.name %>" href="/view/<%= repo.owner %>/<%= repo.name %>" id="<%= repo.id %>"><%= repo.name %></a>',
'<a data-toggle="tooltip" data-placement="top" title="Details of <%= _.escape(repo.name) %>" href="/view/<%= _.escape(repo.owner) %>/<%= _escape(repo.name) %>" id="<%= repo.id %>"><%= _.escape(repo.name) %></a>',
'</td>',
'<td>',
'<%= repo.description %>',
'<%= _.escape(repo.description) %>',
'</td>',
'<td>',
'<%= repo.times_downloaded %>',
'</td>',
'<td>',
'<%= repo.owner %>',
'<%= _.escape(repo.owner) %>',
'</td>',
'<td>',
'<% _.each((repo.categories), function(cat) { %>',
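Review bot: The repository link in the last hunk calls `_escape(repo.name)` (no dot) inside the `href`, which is not the Underscore function used everywhere else in this commit; unless a global `_escape` happens to exist, evaluating the template throws a ReferenceError and the repositories table does not render. It should read `href="/view/<%- repo.owner %>/<%- repo.name %>"` (or `_.escape(repo.name)`). Since these are URL path segments, `encodeURIComponent` before the HTML escape would also keep `/`, `?` and `#` in a name from changing the target path. `member.time_created` and the `id`/`href` interpolations of `member.id` and `repo.id` remain on `<%= %>`; if those are always server-generated ids that is fine, but a comment saying so would help. The `templateRow` template continues past the end of the hunk.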
2 changes: 1 addition & 1 deletion client/toolshed/scripts/mvc/groups/group-listrow-view.js
@@ -19,7 +19,7 @@ var GroupListRowView = Backbone.View.extend({
templateRow: function() {
return _.template([
'<tr class="" data-id="<%- group.get("id") %>">',
'<td><a href="groups#/<%= group.get("id") %>"><%= group.get("name") %></a></td>',
'<td><a href="groups#/<%= group.get("id") %>"><%= _.escape(group.get("name")) %></a></td>',
// '<td>description</td>',
'<td><%= group.get("total_members") %></td>',
'<td><%= group.get("total_repos") %></td>',
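Review bot: The changed row mixes the two escaping spellings: `data-id` on the line above uses `<%- group.get("id") %>`, while the name is written as `<%= _.escape(group.get("name")) %>` and the id inside the `href` is left on `<%= %>`. Using `<%- %>` for all three, e.g. `'<td><a href="groups#/<%- group.get("id") %>"><%- group.get("name") %></a></td>'`, is shorter and makes any remaining `<%= %>` stand out as a deliberate raw insert. `templateRow` continues outside the hunk.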
