87300988042f9b370f257fddf5a3ae0d21662851
galt
Sat Feb 4 00:12:53 2017 -0800
Fixes for early warning during ajax callback; fixes for early warning in js. Changed to not only parse to but strip out the CSP header and js-with-nonce leaving cleaner html -- should create fewer "surprises" for existing screen-scraping code.
diff --git src/hg/js/hgTracks.js src/hg/js/hgTracks.js
index 1290433..3a861e4 100644
--- src/hg/js/hgTracks.js
+++ src/hg/js/hgTracks.js
@@ -3197,35 +3197,40 @@
{ // When popup closes with ok
},
uiDialog: function (response, status)
{
// Take html from hgTracks and put it up as a modal dialog.
// make sure all links (e.g. help links) open up in a new window
response = response.replace(/"+ cleanHtml +"");
+ appendNonceJsToPage(nonceJs);
+
// Strategy for popups with js:
// - jsFiles and CSS should not be included in html. Here they are shluped out.
// - The resulting files ought to be loadable dynamically (with getScript()),
// but this was not working nicely with the modal dialog
// Therefore include files must be included with hgTracks CGI !
// - embedded js should not be in the popup box.
// - Somethings should be in a popup.ready() function, and this is emulated below,
// as soon as the cleanHtml is added
// Since there are many possible popup cfg dialogs, the ready should be all inclusive.
// -- popup.ready() -- Here is the place to do things that might otherwise go
// into a $('#pop').ready() routine!
// Searching for some semblance of size suitability
@@ -3464,55 +3469,44 @@
var urlData = cart.varsToUrlData(changedVars);
if (imageV2.mapIsUpdateable) {
imageV2.requestImgUpdate(trackName,urlData,"");
} else {
window.location = "../cgi-bin/hgTracks?" + urlData + "&hgsid=" + getHgsid();
}
}
}
}
},
uiDialog: function (response, status)
{
// Take html from hgTrackUi and put it up as a modal dialog.
- var pageNonce = getNonce();
-
- var ajaxNonce = stripNonce(response, false);
-
- var jsNonce = stripJsNonce(response, ajaxNonce, false);// DEBUG msg with true
-
// make sure all links (e.g. help links) open up in a new window
response = response.replace(/"+ cleanHtml +"");
- // append ajax js blocks with nonce
- var i;
- for (i=0; i