97e8b7ff52a2f4fb0b62d7015aab593346bc3a65 galt Fri Feb 3 11:48:36 2017 -0800 stripJsEmbedded is probably obsolete.
diff --git src/hg/js/subCfg.js src/hg/js/subCfg.js
index ad712cb..64c582a 100644
--- src/hg/js/subCfg.js
+++ src/hg/js/subCfg.js
@@ -1,16 +1,16 @@
-// subCfg the subtrack Configureation module (scm) for hgTrackUi
+// subCfg the subtrack Configuration module (scm) for hgTrackUi
 //
 // This module is for subtrack level config embedded dialogs in hgTrackUi.
 // Subtrack config dialogs are embedded in the subtrack table and get populated when first
 // opened. Composite and view level controls (parents) when updated override related
 // subtrack controls (children). Subtrack controls, when updated overide parent controls
 // for the one subtrack. Controls wil get class 'changed' added when changes are made.
 // When the form is submitted, all controls not marked as "changed" will be unnamed and will
 // therefore not make it into the cart.
 // Definitions as used here:
 // obj: an input or select style html control which may be marked as "changed"
 // parentObj: composite or view level obj which has subtrack level childObjs associated
 // childObj: subtrack level obj that has composite and or view level parentObjs
 // cfg: subtrack level embedded dialog which can be opened or closed (hidden) and isn't
 // populated till first opened. Can also be a viewCfg and maybe a compositeCfg
@@ -491,63 +491,81 @@ count++; } }); } if (count > 1) // if hasChanged() is working, there should never be more than one warn('DEBUG: Both composite and view are seen as updated! ' + 'Named update is not working.'); } }, currentCfg: undefined, // keep track of cfg while ajaxing, man currentSub: undefined, // keep track of subtrack while ajaxing, dude cfgFill: function (content, status) { // Finishes the population of a subtrack cfg. Called by ajax return. + + var pageNonce = getNonce(); + + var ajaxNonce = stripNonce(content, false); + + var jsNonce = stripJsNonce(content, ajaxNonce, false);// DEBUG msg with true + var ix; var cfg = subCfg.currentCfg; subCfg.currentCfg = undefined; var cleanHtml = content; cleanHtml = stripJsFiles(cleanHtml,true); // DEBUG msg with true cleanHtml = stripCssFiles(cleanHtml,true); // DEBUG msg with true - cleanHtml = stripJsEmbedded(cleanHtml,true);// DEBUG msg with true + // Obsoleted by CSP2 nonce js? + //cleanHtml = stripJsEmbedded(cleanHtml,true);// DEBUG msg with true if (subCfg.visIndependent) { ix = cleanHtml.indexOf(''); if (ix > 0) cleanHtml = cleanHtml.substring(ix+''.length); while(cleanHtml.length > 0) { ix = cleanHtml.search("<"); cleanHtml = cleanHtml.substring(ix); ix = cleanHtml.search(//i); if (ix !== 0) break; // Not found or not at start. else cleanHtml = cleanHtml.substring(4); // skip past
and continue } } else { ix = cleanHtml.indexOf('Display mode: '); if (ix > 0) // Excludes vis! cleanHtml = cleanHtml.substring(ix+'Display mode: '.length); } //cleanHtml = cleanHtml.substring(ix); ix = cleanHtml.indexOf(''); // start of form already chipped off if (ix > 0) cleanHtml = cleanHtml.substring(0,ix - 1); cleanHtml = "
" + cleanHtml + "
"; $(cfg).html(cleanHtml); + + // append ajax js blocks with nonce + for (i=0; i 1) $(boxWithin[1]).removeClass('blueBox'); //$(cfg).html("
" + cleanHtml + "
"); var subObjs = $(cfg).find('input,select').filter("[name]"); if (subObjs.length === 0) { warn('DEBUG: Did not find controls for cfg: ' + cfg.id); return; } $(subObjs).each(function (i) { if (this.name) { // The filter("[name]") above didn't do it! if (this.type !== 'hidden') { subCfg.inheritSetting(this,false); // updates any values that have been changed
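Review bot: With `stripJsEmbedded` commented out in `cfgFill`, `cleanHtml` is still built from the raw `content` (JavaScript strings are immutable, so `stripNonce` and `stripJsNonce` can only fill `ajaxNonce` and `jsNonce`), and nothing visible in this hunk removes inline script from it before `$(cfg).html(cleanHtml)`. Whether script embedded in the AJAX response runs then appears to depend entirely on the browser enforcing the page's CSP nonce policy, so I would keep the strip step as a fallback for clients that do not enforce CSP2, or replace `// Obsoleted by CSP2 nonce js?` with a comment that says where the policy is enforced and delete the dead line. The new loop also opens with `for (i=0; ...` while the declarations visible at the top of the function do not include `i`, which would make it an implicit global; adding `var i;` beside `var ix;` fixes that. The loop body is garbled on this page and `cfgFill` continues past the end of the hunk, so it is worth confirming there that only blocks carrying the response's `ajaxNonce` are re-added under `pageNonce`.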