bcbb8d33a61ae54020a12b2b34113a34c933eb29
galt
Tue Feb 14 23:00:00 2017 -0800
Adding convenience var arg functions jsInlineF and jsOnEventByIdF, suggested by Angie.
diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c
index af5ef9a..53d6914 100644
--- src/lib/cheapcgi.c
+++ src/lib/cheapcgi.c
@@ -53,30 +53,40 @@
/* init if needed */
{
if (!jsInlineLines)
{
jsInlineLines = dyStringNew(1024);
}
}
void jsInline(char *javascript)
/* Add javascript text to output file or memory structure */
{
jsInlineInit(); // init if needed
dyStringAppend(jsInlineLines, javascript);
}
+void jsInlineF(char *format, ...)
+/* Add javascript text to output file or memory structure */
+{
+jsInlineInit(); // init if needed
+va_list args;
+va_start(args, format);
+dyStringVaPrintf(jsInlineLines, format, args);
+va_end(args);
+}
+
boolean jsInlineFinishCalled = FALSE;
void jsInlineFinish()
/* finish outputting accumulated inline javascript */
{
if (jsInlineFinishCalled)
{
// jsInlineFinish can be called multiple times when generating framesets or genomeSpace.
warn("jsInlineFinish() called already."); // TODO GALT
}
jsInlineInit(); // init if needed
printf("\n", getNonce(), jsInlineLines->string);
dyStringClear(jsInlineLines);
jsInlineFinishCalled = TRUE;
}
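Review bot: jsInlineF formats its arguments straight into jsInlineLines with no escaping of `%s` values for a JavaScript context, and jsInlineFinish later prints that buffer alongside getNonce(), so anything written here ends up in the script the page authorizes. The comment on the new function is copied from jsInline and does not tell callers this; I would replace it with `/* Printf-style variant of jsInline. format must be a string literal; arguments are inserted unescaped, so JS-encode any value derived from CGI input first. */`. A caller that migrates `jsInline(str)` to `jsInlineF(str)` with a non-literal string would also turn `%` sequences in the data into format directives. If the prototype sits in a header (not visible in this diff), adding `__attribute__((format(printf, 1, 2)))` there would let the compiler flag non-literal or mismatched formats.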
@@ -196,34 +206,43 @@
{
char *temp = cloneString(event);
tolowers(temp);
if (!sameString(temp, event))
warn("jsInline: javascript event %s should be given in lower-case", event);
event = temp;
if (!findJsEvent(event))
warn("jsInline: unknown javascript event %s", event);
freeMem (event);
}
void jsOnEventById(char *event, char *idText, char *jsText)
/* Add js mapping for inline event */
{
checkValidEvent(event);
-struct dyString *javascript = dyStringNew(1024); // TODO XSS Filter the idText?
-dyStringPrintf(javascript, "document.getElementById('%s').on%s = function() {%s};\n", idText, event, jsText);
-jsInline(javascript->string);
-dyStringFree(&javascript);
+jsInlineF("document.getElementById('%s').on%s = function() {%s};\n", idText, event, jsText);
+}
+
+void jsOnEventByIdF(char *event, char *idText, char *format, ...)
+/* Add js mapping for inline event */
+{
+checkValidEvent(event);
+jsInlineF("document.getElementById('%s').on%s = function() {", idText, event);
+va_list args;
+va_start(args, format);
+dyStringVaPrintf(jsInlineLines, format, args);
+va_end(args);
+jsInlineF("};\n");
}
//============ END of javascript inline-separation routines ===============
/* These three variables hold the parsed version of cgi variables. */
static char *inputString = NULL;
static unsigned long inputSize;
static struct hash *inputHash = NULL;
static struct cgiVar *inputList = NULL;
static boolean haveCookiesHash = FALSE;
static struct hash *cookieHash = NULL;
static struct cgiVar *cookieList = NULL;
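Review bot: The rewritten jsOnEventById drops the `// TODO XSS Filter the idText?` comment, but idText is still inserted unescaped into the single-quoted literal in `document.getElementById('%s')`, and the new jsOnEventByIdF repeats the same pattern. Either keep the TODO on both functions or reject ids outside a conservative character set (letters, digits, `_`, `-`, `.`, `:`) before formatting, since a quote or backslash in idText would end the string literal. checkValidEvent, as far as the context lines show, only warns on an unknown event, so `event` reaches the `on%s` position unconstrained as well. The comment on jsOnEventByIdF is identical to jsOnEventById's; it should say that `format` and its arguments form the handler body and are inserted unescaped, e.g. `/* Like jsOnEventById, but the handler body is built printf-style from format; arguments are not escaped. */`.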
@@ -1837,31 +1856,31 @@
if (width==0)
width=strlen(initialVal)*10;
if (width==0)
width = 100;
htmlPrintf("\n",
varName, varName, width, initialVal);
if (event)
jsOnEventById(event, varName, javascript);
}
void cgiMakeIntVarWithExtra(char *varName, int initialVal, int maxDigits, char *extra)
/* Make a text control filled with initial value and optional extra HTML. */
{
if (maxDigits == 0) maxDigits = 4;
-htmlPrintf("", // TODO XSS extra
+htmlPrintf("", // TODO XSS risk in extra
varName, maxDigits, initialVal, extra ? extra : "");
}
void cgiMakeIntVar(char *varName, int initialVal, int maxDigits)
/* Make a text control filled with initial value. */
{
cgiMakeIntVarWithExtra(varName, initialVal, maxDigits, NULL);
}
void cgiMakeIntVarInRange(char *varName, int initialVal, char *title, int width,
char *min, char *max)
/* Make a integer control filled with initial value.
If min and/or max are non-NULL will enforce range
Requires utils.js jQuery.js and inputBox class */
{