Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 978070: Do not use document.write() to insert HTML code

Browse Source 
r/a=justdave


git-svn-id: svn://10.0.0.236/trunk@265301 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org 2014-03-26 19:30:50 +00:00
parent b7c33fa015
commit f5c9a6502e
7 changed files with 60 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
8968 8969

2
mozilla/webtools/bugzilla/.gitrev
View File

@ -1 +1 @@
fd518e1e24aa4b1164634ef5c432621f2c6bbb64 cf74a17e34f66ecdeb092f7b020bed95821a2492

51
mozilla/webtools/bugzilla/template/en/default/attachment/edit.html.tmpl
View File

@ -28,7 +28,7 @@
%] %]
[%# No need to display the Diff button and iframe if the attachment is not a patch. %] [%# No need to display the Diff button and iframe if the attachment is not a patch. %]
[% use_patchviewer = (feature_enabled('patch_viewer') && attachment.ispatch) %] [% use_patchviewer = (feature_enabled('patch_viewer') && attachment.ispatch) ? 1 : 0 %]
[% can_edit = attachment.validate_can_edit %] [% can_edit = attachment.validate_can_edit %]
[% editable_or_hide = can_edit ? "" : " bz_hidden_option" %] [% editable_or_hide = can_edit ? "" : " bz_hidden_option" %]
@ -202,30 +202,33 @@
<a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b> <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
</iframe> </iframe>
[% END %] [% END %]
[% IF use_patchviewer %]
<iframe id="viewDiffFrame" class="bz_default_hidden"></iframe>
[% END %]
[% IF user.id %]
<button type="button" id="editButton" class="bz_default_hidden"
onclick="editAsComment([% use_patchviewer %]);">Edit Attachment As Comment</button>
<button type="button" id="undoEditButton" class="bz_default_hidden"
onclick="undoEditAsComment([% use_patchviewer %]);">Undo Edit As Comment</button>
<button type="button" id="redoEditButton" class="bz_default_hidden"
onclick="redoEditAsComment([% use_patchviewer %]);">Redo Edit As Comment</button>
[% END %]
[% IF use_patchviewer %]
<button type="button" id="viewDiffButton" class="bz_default_hidden"
onclick="viewDiff([% attachment.id %], [% use_patchviewer %]);">View Attachment As Diff</button>
[% END %]
<button type="button" id="viewRawButton" class="bz_default_hidden"
onclick="viewRaw([% use_patchviewer %]);">View Attachment As Raw</button>
<script type="text/javascript"> <script type="text/javascript">
<!-- [% IF user.id %]
var patchviewerinstalled = 0; document.getElementById('editFrame').disabled = false;
var attachment_id = [% attachment.id %]; YAHOO.util.Dom.removeClass("editButton", "bz_default_hidden");
if (typeof document.getElementById == "function") { [% END %]
[% IF use_patchviewer %] YAHOO.util.Dom.removeClass("viewDiffButton", "bz_default_hidden");
var patchviewerinstalled = 1;
document.write('<iframe id="viewDiffFrame" class="bz_default_hidden"><\/iframe>');
[% END %]
[% IF user.id %]
document.write('<button type="button" id="editButton" onclick="editAsComment(patchviewerinstalled);">Edit Attachment As Comment<\/button>');
document.write('<button type="button" id="undoEditButton" onclick="undoEditAsComment(patchviewerinstalled);" class="bz_default_hidden">Undo Edit As Comment<\/button>');
document.write('<button type="button" id="redoEditButton" onclick="redoEditAsComment(patchviewerinstalled);" class="bz_default_hidden">Redo Edit As Comment<\/button>');
var editFrame = document.getElementById('editFrame');
if (editFrame) {
editFrame.disabled = false;
}
[% END %]
[% IF use_patchviewer %]
document.write('<button type="button" id="viewDiffButton" onclick="viewDiff(attachment_id, patchviewerinstalled);">View Attachment As Diff<\/button>');
[% END %]
document.write('<button type="button" id="viewRawButton" onclick="viewRaw(patchviewerinstalled);" class="bz_default_hidden">View Attachment As Raw<\/button>');
}
//-->
</script> </script>
</div> </div>
[% ELSE %] [% ELSE %]

21
mozilla/webtools/bugzilla/template/en/default/bug/create/create-guided.html.tmpl
View File

@ -29,13 +29,12 @@ var descriptions = [
]; ];
function PutDescription() { function PutDescription() {
if ((document.getElementById) && (document.body.innerHTML)) { var description = document.getElementById('description');
var componentIndex = document.getElementById('component').selectedIndex; var componentIndex = document.getElementById('component').selectedIndex;
if (componentIndex != -1) { YAHOO.util.Dom.removeClass("description", "bz_default_hidden");
var description = document.getElementById('description'); if (componentIndex != -1) {
description.innerHTML = descriptions[componentIndex]; description.innerHTML = descriptions[componentIndex];
} }
}
} }
</script> </script>
@ -130,12 +129,8 @@ function PutDescription() {
[% END %] [% END %]
</select> </select>
<div id="description" class="comment"> <div id="description" class="comment bz_default_hidden">
<script type="text/javascript"> Select a component to see its description here.
if ((document.getElementById) && (document.body.innerHTML)) {
document.write("Select a component to see its description here.");
}
</script>
</div> </div>
<p> <p>

12
mozilla/webtools/bugzilla/template/en/default/global/code-error.html.tmpl
View File

@ -430,15 +430,9 @@
with details of what you were doing at the time this message appeared. with details of what you were doing at the time this message appeared.
</p> </p>
<samp> <p>
<script type="text/javascript"> <!-- <samp>URL: [% Bugzilla.cgi.self_url FILTER html %]</samp>
document.write("<p>URL: " + </p>
document.location.href.replace(/&/g,"&amp;")
.replace(/</g,"&lt;")
.replace(/>/g,"&gt;") + "</p>");
// -->
</script>
</samp>
<div id="error_msg" class="throw_error"> <div id="error_msg" class="throw_error">
[% error_message FILTER none %] [% error_message FILTER none %]

9
mozilla/webtools/bugzilla/template/en/default/list/edit-multiple.html.tmpl
View File

@ -10,6 +10,11 @@
<input type="hidden" name="dontchange" value="[% dontchange FILTER html %]"> <input type="hidden" name="dontchange" value="[% dontchange FILTER html %]">
<input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="button" id="uncheck_all" value="Uncheck All"
class="bz_default_hidden" onclick="SetCheckboxes(false);">
<input type="button" id="check_all" value="Check All"
class="bz_default_hidden" onclick="SetCheckboxes(true);">
<script type="text/javascript"> <script type="text/javascript">
function SetCheckboxes(value) { function SetCheckboxes(value) {
var elements = document.forms.changeform.getElementsByTagName('input'), var elements = document.forms.changeform.getElementsByTagName('input'),
@ -22,8 +27,8 @@
} }
} }
} }
document.write(' <input type="button" name="uncheck_all" value="Uncheck All" onclick="SetCheckboxes(false);">'); YAHOO.util.Dom.removeClass("check_all", "bz_default_hidden");
document.write(' <input type="button" name="check_all" value="Check All" onclick="SetCheckboxes(true);">'); YAHOO.util.Dom.removeClass("uncheck_all", "bz_default_hidden");
</script> </script>
<hr> <hr>

21
mozilla/webtools/bugzilla/template/en/default/list/quips.html.tmpl
View File

@ -107,7 +107,15 @@
[% END %] [% END %]
</tbody> </tbody>
</table> </table>
<script type="text/javascript"><!--
<input type="button" id="uncheck_all" value="Uncheck All"
class="bz_default_hidden" onclick="SetCheckboxes(false);">
<input type="button" id="check_all" value="Check All"
class="bz_default_hidden" onclick="SetCheckboxes(true);">
<input type="submit" id="update" value="Save Changes">
<script type="text/javascript">
<!--
var numelements = document.forms.editform.elements.length; var numelements = document.forms.editform.elements.length;
function SetCheckboxes(value) { function SetCheckboxes(value) {
var item; var item;
@ -116,13 +124,10 @@
item.checked = value; item.checked = value;
} }
} }
document.write(' <input type="button" name="uncheck_all" ' YAHOO.util.Dom.removeClass("check_all", "bz_default_hidden");
+'value="Uncheck All" onclick="SetCheckboxes(false);">'); YAHOO.util.Dom.removeClass("uncheck_all", "bz_default_hidden");
document.write(' <input type="button" name="check_all" ' //-->
+'value="Check All" onclick="SetCheckboxes(true);">'); </script>
//--></script>
<input type="submit" id="update" value="Save Changes">
</form> </form>
<br> <br>
[% END %] [% END %]