src/hg/hgGtexTrackSettings/hgGtexTrackSettings.c 3eb3e3814708879cc95ec61b4010d3d65c0ebb6b

3eb3e3814708879cc95ec61b4010d3d65c0ebb6b
kate
  Thu Feb 9 17:52:03 2017 -0800
Add CSP compliance (mostly working). refs #18538

diff --git src/hg/hgGtexTrackSettings/hgGtexTrackSettings.c src/hg/hgGtexTrackSettings/hgGtexTrackSettings.c
index 68738c3..00f5bef 100644
--- src/hg/hgGtexTrackSettings/hgGtexTrackSettings.c
+++ src/hg/hgGtexTrackSettings/hgGtexTrackSettings.c
@@ -234,71 +234,93 @@
 and a lower panel with a tissue selection list.
 */
 {
 puts(
 "<!-- Track Configuration Panels -->\n"
 "    <div class='row'>\n"
 "        <div class='col-md-6'>\n");
 printConfigPanel(tdb);
 printTissueTable(tdb);
 puts(
 "        </div>\n"
 "        <div class='col-md-6'>\n");
 printBodyMap();
 puts(
 "        </div>\n"
-"    </div>\n");
+"    </div>\n"
+);
+}
+
+static void onclickJumpToTop(char *id)
+/* CSP-safe click handler arrows that cause scroll to top */
+{
+char javascript[1024];
+safef(javascript, sizeof javascript, "$('html,body').scrollTop(0);");
+jsOnEventById("click", id, javascript);
 }
 
 static void printDataInfo(char *db, struct trackDb *tdb)
 {
 puts(
 "<a name='INFO_SECTION'></a>\n"
 "    <div class='row gbSectionBanner'>\n"
 "        <div class='col-md-11'>Data Information</div>\n"
 "        <div class='col-md-1'>\n"
-// TODO: move click handler to JS
-"            <i title='Jump to top of page' onclick=\"$('html,body').scrollTop(0);\" "
-"                class='gbIconArrow fa fa-lg fa-arrow-circle-up'></i>\n"
+);
+#define DATA_INFO_JUMP_ARROW_ID    "hgGtexDataInfo_jumpArrow"
+printf(
+"            <i id='%s' title='Jump to top of page' \n"
+"               class='gbIconArrow fa fa-lg fa-arrow-circle-up'></i>\n",
+DATA_INFO_JUMP_ARROW_ID
+);
+onclickJumpToTop(DATA_INFO_JUMP_ARROW_ID);
+puts(
 "       </div>\n"
 "    </div>\n"
 );
 puts(
 "    <div class='row gbTrackDescriptionPanel'>\n"
 "       <div class='gbTrackDescription'>\n");
 puts("<div class='dataInfo'>");
 printUpdateTime(db, tdb, NULL);
 puts("</div>");
 
 puts("<div class='dataInfo'>");
 makeSchemaLink(db, tdb, "View table schema");
 puts("</div>");
 
 puts(
 "     </div>\n"
 "   </div>\n");
 }
 
 static void printTrackDescription(struct trackDb *tdb)
 {
 puts(
 "<a name='TRACK_HTML'></a>\n"
 "    <div class='row gbSectionBanner'>\n"
 "        <div class='col-md-11'>Track Description</div>\n"
 "        <div class='col-md-1'>\n"
-"            <i title='Jump to top of page' onclick=\"$('html,body').scrollTop(0);\" "
-"               class='gbIconArrow fa fa-lg fa-arrow-circle-up'></i>\n"
+);
+#define TRACK_INFO_JUMP_ARROW_ID    "hgGtexTrackInfo_jumpArrow"
+printf(
+"            <i id='%s' title='Jump to top of page' \n"
+"               class='gbIconArrow fa fa-lg fa-arrow-circle-up'></i>\n",
+TRACK_INFO_JUMP_ARROW_ID
+);
+onclickJumpToTop(TRACK_INFO_JUMP_ARROW_ID);
+puts(
 "       </div>\n"
 "    </div>\n"
 "    <div class='row gbTrackDescriptionPanel'>\n"
 "       <div class='gbTrackDescription'>\n");
 puts(tdb->html);
 puts(
 "       </div>\n"
 "   </div>\n");
 }
 
 static struct trackDb *getTrackDb(char *db, char *track)
 /* Check if this is an assembly with GTEx track and get trackDb */
 {
 struct sqlConnection *conn = sqlConnect(db);
 if (conn == NULL)