1a0fe31189d4bbaeccc42b8f34fe12e876e189d7 galt Fri Feb 3 10:09:59 2017 -0800 removing debugging and old CSP1 stuff. diff --git src/hg/js/hgTracks.js src/hg/js/hgTracks.js index 9c71faa..1290433 100644 --- src/hg/js/hgTracks.js +++ src/hg/js/hgTracks.js @@ -479,54 +479,30 @@ { // code to update page when user changes assembly select list. $.ajax({ type: "GET", url: "../cgi-bin/hgApi", data: cart.varsToUrlData({ 'cmd': 'defaultPos', 'db': getDb() }), dataType: "html", trueSuccess: genomePos.handleChange, success: catchErrorOrDispatch, error: errorHandler, cache: true }); return false; }, - inlineJs : "", - - getInlineJs: function (response, status) - { - //alert("genomePos.getInlineJs called!"); // DEBUG REMOVE - genomePos.inlineJs = response; - }, - - fetchInlineJs: function (url) - { // code to fetch temp file with inline js in it. // OBSOLETE CSP1 - $.ajax({ - type: "GET", - async: false, // wait for result - url: url, - dataType: "html", - trueSuccess: genomePos.getInlineJs, - success: catchErrorOrDispatch, - error: errorHandler, - cache: false - }); - return genomePos.inlineJs; - }, - - convertedVirtCoords : {chromStart : -1, chromEnd : -1}, handleConvertChromPosToVirtCoords: function (response, status) { var virtStart = -1, virtEnd = -1; var newJson = scrapeVariable(response, "convertChromToVirtChrom"); if (!newJson) { warn("convertChromToVirtChrom object is missing from the response"); } else { virtStart = newJson.virtWinStart; virtEnd = newJson.virtWinEnd; } genomePos.convertedVirtCoords = {chromStart : virtStart, chromEnd : virtEnd}; }, 
@@ -3489,57 +3465,52 @@ if (imageV2.mapIsUpdateable) { imageV2.requestImgUpdate(trackName,urlData,""); } else { window.location = "../cgi-bin/hgTracks?" + urlData + "&hgsid=" + getHgsid(); } } } } }, uiDialog: function (response, status) { // Take html from hgTrackUi and put it up as a modal dialog. var pageNonce = getNonce(); - alert('pageNonce='+pageNonce); // DEBUG REMOVE var ajaxNonce = stripNonce(response, false); - alert('ajaxNonce='+ajaxNonce); // DEBUG REMOVE var jsNonce = stripJsNonce(response, ajaxNonce, false);// DEBUG msg with true // make sure all links (e.g. help links) open up in a new window response = response.replace(/<a /ig, "<a target='_blank' "); var cleanHtml = response; cleanHtml = stripJsFiles(cleanHtml,false); // DEBUG msg with true cleanHtml = stripCssFiles(cleanHtml,false); // DEBUG msg with true cleanHtml = stripJsEmbedded(cleanHtml,false);// DEBUG msg with true //alert(cleanHtml); // DEBUG REMOVE $('#hgTrackUiDialog').html("<div id='pop' style='font-size:.9em;'>"+ cleanHtml +"</div>"); // append ajax js blocks with nonce var i; for (i=0; i<jsNonce.length; ++i) { var sTag = document.createElement("script"); sTag.type = "text/javascript"; sTag.text = jsNonce[i]; sTag.setAttribute('nonce', pageNonce); // CSP2 Requires - - alert("about to call appendChild on:\n"+jsNonce[i]); - document.head.appendChild(sTag); } // Strategy for popups with js: // - jsFiles and CSS should not be included in html. Here they are shluped out. // - The resulting files ought to be loadable dynamically (with getScript()), // but this was not working nicely with the modal dialog // Therefore include files must be included with hgTracks CGI ! // - embedded js should not be in the popup box. // - Somethings should be in a popup.ready() function, and this is emulated below, // as soon as the cleanHtml is added // Since there are many possible popup cfg dialogs, the ready should be all inclusive. if ( ! popUp.trackDescriptionOnly ) { // If subtrack then vis rules differ 
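Review bot: The loop in uiDialog that copies script text from the response into new `<script>` elements and stamps them with `pageNonce` carries no comment stating its trust assumption, and with the debug alerts gone nothing on these lines shows which blocks qualify. Presumably `stripJsNonce(response, ajaxNonce, false)` returns only blocks that carried the response's own nonce (its body is outside this hunk, so confirm); that filter is the only thing keeping markup reflected into the hgTrackUi response from being promoted to a script the page's CSP will execute. I would add above the loop: `// Only blocks the server tagged with ajaxNonce are re-stamped with pageNonce; never pass unfiltered response text here.` The cleanup also leaves `//alert(cleanHtml); // DEBUG REMOVE` and the `// DEBUG msg with true` markers in place, which could go in the same commit. uiDialog continues past the end of the hunk.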
@@ -3954,66 +3925,32 @@ } window.location.assign(url); return false; } document.TrackHeaderForm.submit(); }, updateImgAndMap: function (response, status) { // Handle ajax response with an updated trackMap image, map and optional ideogram. // and maybe the redLines background too. // this.cmd can be used to figure out which menu item triggered this. // this.id === appropriate track if we are retrieving just a single track. // update local hgTracks.trackDb to reflect possible side-effects of ajax request. - // alert("response=["+response+"]"); // DEBUG GALT REMOVE - var newJson = scrapeVariable(response, "hgTracks"); - // added by GALT for CSP/XSS - if (!newJson) { - // OLD CSP1 way not using now? - var strippedJsFiles = {}; - stripJsFiles(response, false, strippedJsFiles); - //alert(strippedJsFiles.toSource()); // DEBUG GALT FF ONLY - //alert("strippedJsFiles.jsFiles="+strippedJsFiles.jsFiles+""); // DEBUG GALT REMOVE - var inlinePath = ""; - var i, len; - if (strippedJsFiles.jsFiles) { - for (i = 0, len = strippedJsFiles.jsFiles.length; i < len; ++i) { - //alert(strippedJsFiles.jsFiles[i]); // DEBUG REMOVE - var srcPattern="<script type='text/javascript' SRC='(.*)'></script>"; - var reg = new RegExp(srcPattern); - var a = reg.exec(strippedJsFiles.jsFiles[i]); - if (a && a[1]) { - if (a[1].match("inline")) { - inlinePath = a[1]; - //alert("SRC found: "+a[1]); // DEBUG REMOVE - } - } - } - } - if (inlinePath !== "") { - //alert("inlinePath found: "+inlinePath); // DEBUG REMOVE - var js = genomePos.fetchInlineJs(inlinePath); - //alert(js); // DEBUG REMOVE - response += ("<script type='text/javascript'>"+js+"</script>"); - newJson = scrapeVariable(response, "hgTracks"); - } - } - //alert(JSON.stringify(newJson)); // DEBUG Example var oldJson = hgTracks; var valid = false; if (!newJson) { var stripped = {}; stripJsEmbedded(response, true, stripped); if ( ! 
stripped.warnMsg ) warn("hgTracks object is missing from the response"); } else { if (this.id) { if (newJson.trackDb[this.id]) { var visibility = vis.enumOrder[newJson.trackDb[this.id].visibility]; var limitedVis; if (newJson.trackDb[this.id].limitedVis)