87300988042f9b370f257fddf5a3ae0d21662851 galt Sat Feb 4 00:12:53 2017 -0800 Fixes for early warning during ajax callback; fixes for early warning in js. Changed to not only parse to but strip out the CSP header and js-with-nonce leaving cleaner html -- should create fewer "surprises" for existing screen-scraping code.
diff --git src/hg/js/subCfg.js src/hg/js/subCfg.js
index 64c582a..23b3ede 100644
--- src/hg/js/subCfg.js
+++ src/hg/js/subCfg.js
@@ -492,86 +492,75 @@ } }); } if (count > 1) // if hasChanged() is working, there should never be more than one warn('DEBUG: Both composite and view are seen as updated! ' + 'Named update is not working.'); } }, currentCfg: undefined, // keep track of cfg while ajaxing, man currentSub: undefined, // keep track of subtrack while ajaxing, dude cfgFill: function (content, status) { // Finishes the population of a subtrack cfg. Called by ajax return. - var pageNonce = getNonce(); - - var ajaxNonce = stripNonce(content, false); - - var jsNonce = stripJsNonce(content, ajaxNonce, false);// DEBUG msg with true - var ix; var cfg = subCfg.currentCfg; subCfg.currentCfg = undefined; var cleanHtml = content; cleanHtml = stripJsFiles(cleanHtml,true); // DEBUG msg with true cleanHtml = stripCssFiles(cleanHtml,true); // DEBUG msg with true // Obsoleted by CSP2 nonce js? //cleanHtml = stripJsEmbedded(cleanHtml,true);// DEBUG msg with true + var nonceJs = {}; + cleanHtml = stripCSPAndNonceJs(cleanHtml, false, nonceJs); // DEBUG msg with true + if (subCfg.visIndependent) { ix = cleanHtml.indexOf('</SELECT>'); if (ix > 0) cleanHtml = cleanHtml.substring(ix+'</SELECT>'.length); while(cleanHtml.length > 0) { ix = cleanHtml.search("<"); cleanHtml = cleanHtml.substring(ix); ix = cleanHtml.search(/<BR\>/i); if (ix !== 0) break; // Not found or not at start. else cleanHtml = cleanHtml.substring(4); // skip past <BR> and continue } } else { ix = cleanHtml.indexOf('<B>Display mode: </B>'); if (ix > 0) // Excludes vis! 
cleanHtml = cleanHtml.substring(ix+'<B>Display mode: </B>'.length); } - //cleanHtml = cleanHtml.substring(ix); ix = cleanHtml.indexOf('</FORM>'); // start of form already chipped off if (ix > 0) cleanHtml = cleanHtml.substring(0,ix - 1); cleanHtml = "<div class='blueBox' style='background-color:#FFF9D2; padding:0.5em 1em 1em;'>" + cleanHtml + "</div>"; + $(cfg).html(cleanHtml); - // append ajax js blocks with nonce - for (i=0; i<jsNonce.length; ++i) { - var sTag = document.createElement("script"); - sTag.type = "text/javascript"; - sTag.text = jsNonce[i]; - sTag.setAttribute('nonce', pageNonce); // CSP2 Requires - document.head.appendChild(sTag); - } + appendNonceJsToPage(nonceJs); $(cfg).addClass('filled'); var boxWithin = $(cfg).find('.blueBox'); if (boxWithin.length > 1) $(boxWithin[1]).removeClass('blueBox'); - //$(cfg).html("<div style='font-size:.9em;'>" + cleanHtml + "</div>"); var subObjs = $(cfg).find('input,select').filter("[name]"); if (subObjs.length === 0) { warn('DEBUG: Did not find controls for cfg: ' + cfg.id); return; } $(subObjs).each(function (i) { if (this.name) { // The filter("[name]") above didn't do it! if (this.type !== 'hidden') { subCfg.inheritSetting(this,false); // updates any values that have been changed var suffix = subCfg.objSuffixGet(this); // on this page if (suffix && suffix.length > 0) $(this).change( subCfg.markChange ); else warn("DEBUG: couldn't find suffix for subtrack control: "+this.name); }
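Review bot: `appendNonceJsToPage(nonceJs)` executes whatever `stripCSPAndNonceJs` collected from the ajax response, and neither helper is defined in this hunk, so the rule that decides which script blocks get re-tagged with the page nonce is no longer visible from `cfgFill`. The removed lines appear to have limited this to blocks matching the response's own nonce (`stripJsNonce(content, ajaxNonce, ...)`); it is worth confirming the new helper keeps that filter and stating it at the call site, e.g. `// nonceJs: only script blocks whose nonce matched the response's CSP header; re-added under the page nonce`. With `stripJsEmbedded` still commented out, any un-nonced inline script left in `cleanHtml` also reaches `$(cfg).html(cleanHtml)`, so that path presumably relies on the page CSP to block it, which deserves a one-line comment too. `cfgFill` continues past the end of the hunk.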