Fossil SCM

Moved remaining inline event handlers to script block with nonce (to avoid CSP problems). Finishes changes started in [543cdd47].

vor0nwe 2018-10-19 17:53 trunk
Commit bab6720aaa7868c18f6359fffa9981a9b127b09ba9065af7534a7963439a9c2a
1 file changed +14 -6
+14 -6
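--- a/src/wiki.c
+++ b/src/wiki.c
@@ -604,12 +604,11 @@
 mimetype_option_menu(zMimetype);
 @ <br /><textarea name="w" class="wikiedit" cols="80"
 @ rows="%d(n)" wrap="virtual">%h(zBody)</textarea>
 @ <br />
 if( db_get_boolean("wysiwyg-wiki", 0) ){
-@ <input type="submit" name="edit-wysiwyg" value="Wysiwyg Editor"
-@ onclick='return confirm("Switching to WYSIWYG-mode\nwill erase your markup\nedits. Continue?")' />
+@ <input type="submit" name="edit-wysiwyg" value="Wysiwyg Editor" />
 }
 @ <input type="submit" name="preview" value="Preview Your Changes" />
 }else{
 /* Wysiwyg editing */
 Blob html, temp;
@@ -622,19 +621,28 @@
 htmlTidy(blob_str(&temp), &html);
 blob_reset(&temp);
 wysiwygEditor("w", blob_str(&html), 60, n);
 blob_reset(&html);
 @ <br />
-@ <input type="submit" name="edit-markup" value="Markup Editor"
-@ onclick='return confirm("Switching to markup-mode\nwill erase your WYSIWYG\nedits. Continue?")' />
+@ <input type="submit" name="edit-markup" value="Markup Editor" />
 }
 login_insert_csrf_secret();
 @ <input type="submit" name="submit" value="Apply These Changes" />
 @ <input type="hidden" name="name" value="%h(zPageName)" />
-@ <input type="submit" name="cancel" value="Cancel"
-@ onclick='confirm("Abandon your changes?")' />
+@ <input type="submit" name="cancel" value="Cancel" />
 @ </div>
+@ <script nonce="%h(style_nonce())">
+@ confirmOnClick("edit-wysiwyg", "Switching to WYSIWYG-mode\nwill erase your markup edits.\n\nContinue?");
+@ confirmOnClick("edit-markup", "Switching to markup-mode\nwill erase your WYSIWYG edits.\n\nContinue?");
+@ confirmOnClick("cancel", "Abandon your changes?");
+@ function confirmOnClick(inputName, message) {
+@ var inputs = document.getElementsByName(inputName);
+@ for (var i = 0; i < inputs.length; i++) {
+@ inputs[i].onclick = function() { return confirm(message); }
+@ }
+@ }
+@ </script>
 captcha_generate(0);
 @ </form>
 manifest_destroy(pWiki);
 blob_reset(&wiki);
 style_footer();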
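Review bot: `confirmOnClick()` looks its targets up with `document.getElementsByName(inputName)`, which matches every element in the document with that name, not only the three submit buttons this form emits. If anything else on the page (for example a rendered preview of the wiki body, assuming the sanitizer lets a `name` attribute through) reuses "cancel", "edit-markup" or "edit-wysiwyg", it gets the confirm handler too. Consider narrowing the loop with `@ if( inputs[i].type!=="submit" ) continue;`, or looking the buttons up from the enclosing form. Separately, the Cancel button now returns the result of `confirm()`, while the removed inline handler discarded it, so declining the dialog now blocks the submit; that reads as intended, but it is a behaviour change the commit message does not mention. The enclosing function starts and ends outside the hunk, and the nonce only helps if the served CSP does not also permit `'unsafe-inline'`, which is not visible here.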
--- src/wiki.c
+++ src/wiki.c
@@ -604,12 +604,11 @@
604 mimetype_option_menu(zMimetype);
605 @ <br /><textarea name="w" class="wikiedit" cols="80"
606 @ rows="%d(n)" wrap="virtual">%h(zBody)</textarea>
607 @ <br />
608 if( db_get_boolean("wysiwyg-wiki", 0) ){
609 @ <input type="submit" name="edit-wysiwyg" value="Wysiwyg Editor"
610 @ onclick='return confirm("Switching to WYSIWYG-mode\nwill erase your markup\nedits. Continue?")' />
611 }
612 @ <input type="submit" name="preview" value="Preview Your Changes" />
613 }else{
614 /* Wysiwyg editing */
615 Blob html, temp;
@@ -622,19 +621,28 @@
622 htmlTidy(blob_str(&temp), &html);
623 blob_reset(&temp);
624 wysiwygEditor("w", blob_str(&html), 60, n);
625 blob_reset(&html);
626 @ <br />
627 @ <input type="submit" name="edit-markup" value="Markup Editor"
628 @ onclick='return confirm("Switching to markup-mode\nwill erase your WYSIWYG\nedits. Continue?")' />
629 }
630 login_insert_csrf_secret();
631 @ <input type="submit" name="submit" value="Apply These Changes" />
632 @ <input type="hidden" name="name" value="%h(zPageName)" />
633 @ <input type="submit" name="cancel" value="Cancel"
634 @ onclick='confirm("Abandon your changes?")' />
635 @ </div>
 
 
 
 
 
 
 
 
 
 
 
636 captcha_generate(0);
637 @ </form>
638 manifest_destroy(pWiki);
639 blob_reset(&wiki);
640 style_footer();
641
--- src/wiki.c
+++ src/wiki.c
@@ -604,12 +604,11 @@
604 mimetype_option_menu(zMimetype);
605 @ <br /><textarea name="w" class="wikiedit" cols="80"
606 @ rows="%d(n)" wrap="virtual">%h(zBody)</textarea>
607 @ <br />
608 if( db_get_boolean("wysiwyg-wiki", 0) ){
609 @ <input type="submit" name="edit-wysiwyg" value="Wysiwyg Editor" />
 
610 }
611 @ <input type="submit" name="preview" value="Preview Your Changes" />
612 }else{
613 /* Wysiwyg editing */
614 Blob html, temp;
@@ -622,19 +621,28 @@
621 htmlTidy(blob_str(&temp), &html);
622 blob_reset(&temp);
623 wysiwygEditor("w", blob_str(&html), 60, n);
624 blob_reset(&html);
625 @ <br />
626 @ <input type="submit" name="edit-markup" value="Markup Editor" />
 
627 }
628 login_insert_csrf_secret();
629 @ <input type="submit" name="submit" value="Apply These Changes" />
630 @ <input type="hidden" name="name" value="%h(zPageName)" />
631 @ <input type="submit" name="cancel" value="Cancel" />
 
632 @ </div>
633 @ <script nonce="%h(style_nonce())">
634 @ confirmOnClick("edit-wysiwyg", "Switching to WYSIWYG-mode\nwill erase your markup edits.\n\nContinue?");
635 @ confirmOnClick("edit-markup", "Switching to markup-mode\nwill erase your WYSIWYG edits.\n\nContinue?");
636 @ confirmOnClick("cancel", "Abandon your changes?");
637 @ function confirmOnClick(inputName, message) {
638 @ var inputs = document.getElementsByName(inputName);
639 @ for (var i = 0; i < inputs.length; i++) {
640 @ inputs[i].onclick = function() { return confirm(message); }
641 @ }
642 @ }
643 @ </script>
644 captcha_generate(0);
645 @ </form>
646 manifest_destroy(pWiki);
647 blob_reset(&wiki);
648 style_footer();
649
