XWIKI-19857: Modernize the menu macro and add escaping

xwiki · Jun 30, 2022 · 2fc2089 · 2fc2089
1 parent d909950
commit 2fc2089
Showing 1 changed file with 38 additions and 15 deletions.
diff --git a/...orm-core/xwiki-platform-menu/xwiki-platform-menu-ui/src/main/resources/Menu/MenuMacro.xml b/...orm-core/xwiki-platform-menu/xwiki-platform-menu-ui/src/main/resources/Menu/MenuMacro.xml
@@ -20,7 +20,7 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 -->
 
-<xwikidoc version="1.3" reference="Menu.MenuMacro" locale="">
+<xwikidoc version="1.5" reference="Menu.MenuMacro" locale="">
   <web>Menu</web>
   <name>MenuMacro</name>
   <language/>
@@ -41,15 +41,21 @@
 = Horizontal Menu =
 
 {{velocity}}
+#set ($menuTemplateDoc = $xwiki.getDocument('MenuTemplate'))
 {{code language="none"}}
 {{menu type="horizontal fixedWidth"}}
-$xwiki.getDocument('MenuTemplate').content
+## No way to escape content in the code macro, so just remove {, see https://jira.xwiki.org/browse/XRENDERING-13.
+$menuTemplateDoc.content.replace('{', '')
 {{/menu}}
 {{/code}}
 {{/velocity}}
 
 {{menu type="horizontal fixedWidth"}}
-{{include reference="MenuTemplate" /}}
+{{velocity}}
+## Include the content of the menu template.
+## Escape {{ in the rendered content to be sure that the HTML macro is not closed unintentionally.
+{{html}}$menuTemplateDoc.displayDocument().replace('{{', '&amp;amp;#123;&amp;amp;#123;'){{/html}}
+{{/velocity}}
 {{/menu}}
 
 = Vertical Menu =
@@ -63,7 +69,11 @@ $xwiki.getDocument('MenuTemplate').content
 {{/velocity}}
 
 {{menu type="vertical"}}
-{{include reference="MenuTemplate" /}}
+{{velocity}}
+## Include the content of the menu template.
+## Escape {{ in the rendered content to be sure that the HTML macro is not closed unintentionally.
+{{html}}$menuTemplateDoc.displayDocument().replace('{{', '&amp;amp;#123;&amp;amp;#123;'){{/html}}
+{{/velocity}}
 {{/menu}}</content>
   <object>
     <name>Menu.MenuMacro</name>
@@ -962,7 +972,7 @@ $xwiki.getDocument('MenuTemplate').content
         <displayFormType>select</displayFormType>
         <displayType/>
         <name>async_cached</name>
-        <number>12</number>
+        <number>13</number>
         <prettyName>Cached</prettyName>
         <unmodifiable>0</unmodifiable>
         <classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
@@ -975,14 +985,14 @@ $xwiki.getDocument('MenuTemplate').content
         <largeStorage>0</largeStorage>
         <multiSelect>1</multiSelect>
         <name>async_context</name>
-        <number>13</number>
+        <number>14</number>
         <prettyName>Context elements</prettyName>
         <relationalStorage>0</relationalStorage>
-        <separator> </separator>
+        <separator>, </separator>
         <separators>|, </separators>
         <size>5</size>
         <unmodifiable>0</unmodifiable>
-        <values>doc.reference=Document|icon.theme=Icon theme|locale=Language|request.base=Request base URL|request.parameters=Request parameters|request.url=Request URL|request.wiki=Request wiki|user=User|wiki=Wiki</values>
+        <values>action=Action|doc.reference=Document|icon.theme=Icon theme|locale=Language|rendering.defaultsyntax=Default syntax|rendering.restricted=Restricted|rendering.targetsyntax=Target syntax|request.base=Request base URL|request.cookies|request.parameters=Request parameters|request.url=Request URL|request.wiki=Request wiki|user=User|wiki=Wiki</values>
         <classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
       </async_context>
       <async_enabled>
@@ -991,7 +1001,7 @@ $xwiki.getDocument('MenuTemplate').content
         <displayFormType>select</displayFormType>
         <displayType/>
         <name>async_enabled</name>
-        <number>11</number>
+        <number>12</number>
         <prettyName>Asynchronous rendering</prettyName>
         <unmodifiable>0</unmodifiable>
         <classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
@@ -1096,6 +1106,16 @@ $xwiki.getDocument('MenuTemplate').content
         <unmodifiable>0</unmodifiable>
         <classType>com.xpn.xwiki.objects.classes.StringClass</classType>
       </name>
+      <priority>
+        <disabled>0</disabled>
+        <name>priority</name>
+        <number>11</number>
+        <numberType>integer</numberType>
+        <prettyName>Priority</prettyName>
+        <size>10</size>
+        <unmodifiable>0</unmodifiable>
+        <classType>com.xpn.xwiki.objects.classes.NumberClass</classType>
+      </priority>
       <supportsInlineMode>
         <disabled>0</disabled>
         <displayFormType>select</displayFormType>
@@ -1149,21 +1169,21 @@ $xwiki.getDocument('MenuTemplate').content
   (% role="navigation" class="menu-horizontal-toggle" %)(((
     (% class="navbar-header" %)(((
       {{html}}
-        &lt;button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#$!{id}" aria-expanded="false"&gt;
+        &lt;button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#$!{escapetool.xml($id)}" aria-expanded="false"&gt;
           &lt;span class="sr-only"&gt;&lt;/span&gt;
           &lt;span class="icon-bar"&gt;&lt;/span&gt;
           &lt;span class="icon-bar"&gt;&lt;/span&gt;
           &lt;span class="icon-bar"&gt;&lt;/span&gt;
         &lt;/button&gt;
       {{/html}}
     )))
-    (% id="${id}" class="menu menu-$!type collapse navbar-collapse" %)(((
-      $xcontext.macro.content
+    (% id="$!{services.rendering.escape($id, 'xwiki/2.1')}" class="menu menu-${services.rendering.escape($!type, 'xwiki/2.1')} collapse navbar-collapse" %)(((
+      {{wikimacrocontent/}}
     )))
   )))
 #else
-  (% #if ("$!id" != '') id="$id"#end class="menu menu-$!type" %)(((
-    $xcontext.macro.content
+  (% #if ("$!id" != '') id="${services.rendering.escape($id, 'xwiki/2.1')}"#end class="menu menu-${services.rendering.escape($!type, 'xwiki/2.1')}" %)(((
+    {{wikimacrocontent/}}
   )))
 #end
 {{/velocity}}</code>
@@ -1172,7 +1192,7 @@ $xwiki.getDocument('MenuTemplate').content
       <contentDescription>Define the menu structure using wiki syntax. Each menu item should be a list item and should contain the menu item label or link. You can use nested lists for sub-menu items.</contentDescription>
     </property>
     <property>
-      <contentJavaType/>
+      <contentJavaType>Wiki</contentJavaType>
     </property>
     <property>
       <contentType>Mandatory</contentType>
@@ -1189,6 +1209,9 @@ $xwiki.getDocument('MenuTemplate').content
     <property>
       <name>Menu</name>
     </property>
+    <property>
+      <priority/>
+    </property>
     <property>
       <supportsInlineMode>0</supportsInlineMode>
     </property>