af730d9e24c0642fe39657f890bc117ed015ccbf galt Wed Feb 15 01:12:26 2017 -0800 CSP code cleanup. Using new var-args versions of functions jsInlineF and jsOnEventByIdF to avoid using lots of fixed-size local javascript strings.
diff --git src/hg/hgTrackUi/hgTrackUi.c src/hg/hgTrackUi/hgTrackUi.c
index 3e299be..a7f855a 100644
--- src/hg/hgTrackUi/hgTrackUi.c
+++ src/hg/hgTrackUi/hgTrackUi.c
@@ -2737,67 +2737,63 @@ void superTrackUi(struct trackDb *superTdb, struct trackDb *tdbList)
 /* List tracks in this collection, with visibility controls and UI links */
 {
 jsIncludeFile("hui.js",NULL);
 printf("\n

"); tdbRefSortPrioritiesFromCart(cart, &superTdb->children); struct slRef *childRef; char javascript[1024]; for (childRef = superTdb->children; childRef != NULL; childRef = childRef->next) { struct trackDb *tdb = childRef->val; if (childRef == superTdb->children) // first time through { printf("\n\n"); } printf("\n\n\n"); printf(""); } @@ -3274,34 +3270,32 @@ if (!ajax) { printf(" "); cgiMakeButton("Submit", "Submit"); // Offer cancel button always? // composites and multiTracks (not standAlones or supers) if (tdbIsContainer(tdb)) { printf(" "); cgiMakeOnClickButton("htui_cancel", "window.history.back();","Cancel"); } if (tdbIsComposite(tdb)) { printf("\n  Reset to defaults\n"); - char javascript[1024]; - safef(javascript, sizeof javascript, + jsOnEventByIdF("click", "htui_reset", "setVarAndPostForm('%s','1','mainForm'); return false;", setting); - jsOnEventById("click", "htui_reset", javascript); } } if (ct) { puts("     "); cgiMakeButton(CT_DO_REMOVE_VAR, "Remove custom track"); cgiMakeHiddenVar(CT_SELECTED_TABLE_VAR, tdb->track); puts(" "); if (differentString(tdb->type, "chromGraph")) { char buf[256]; if (ajax) // reference to a separate form doesn't work in modal dialog, // so change window.location directly.
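Review bot: `setting` is formatted into a single-quoted JavaScript string literal by `jsOnEventByIdF("click", "htui_reset", "setVarAndPostForm('%s','1','mainForm'); return false;", setting);` and no escaping is visible in this hunk. The var-args call removes the fixed 1024-byte buffer, but a `'` or `\` in `setting` would still end the literal early, and this is presumably script the page trusts under its CSP. `setting` is assigned outside the hunk and the enclosing function starts outside it as well, so confirm where the value comes from. If it can ever carry user-influenced text, escape it for a JavaScript string before formatting; otherwise record the assumption next to the call, e.g. `// setting must be safe inside a single-quoted JS literal (no ' or \)`.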
"); printf(""); - safef(javascript, sizeof javascript, "superT.plusMinus(true);"); - jsOnEventById("click", "btn_plus_all", javascript); + jsOnEventById("click", "btn_plus_all", "superT.plusMinus(true);"); printf(""); - safef(javascript, sizeof javascript, "superT.plusMinus(false);"); - jsOnEventById("click", "btn_minus_all", javascript); + jsOnEventById("click", "btn_minus_all", "superT.plusMinus(false);"); printf(" All
"); printf("
"); if (!tdbIsDownloadsOnly(tdb)) { char id[256]; enum trackVisibility tv = hTvFromString(cartUsualString(cart, tdb->track,hStringFromTv(tdb->visibility))); // Don't use cheapCgi code... no name and no boolshad... just js printf("", tdb->track, (tv != tvHide?" CHECKED":"")); safef(id, sizeof id, "%s", tdb->track); - safef(javascript, sizeof javascript, "superT.childChecked(this);"); - jsOnEventById("change", id, javascript); // TODO XSS Filter track as id? + jsOnEventById("change", id, "superT.childChecked(this);"); safef(javascript, sizeof(javascript), "superT.selChanged(this)"); struct slPair *event = slPairNew("change", cloneString(javascript)); hTvDropDownClassVisOnlyAndExtra(tdb->track, tv, tdb->canPack, (tv == tvHide ? "hiddenText":"normalText"), trackDbSetting(tdb, "onlyVisibility"), event); printf(""); safef(id, sizeof id, "%s_link", tdb->track); printf("" "%s ", (tdbIsDownloadsOnly(tdb)? hgFileUiName(): hgTrackUiName()), cartSessionVarName(), cartSessionId(cart), chromosome, cgiEncode(tdb->track), id, tdb->shortLabel); - safef(javascript, sizeof(javascript), "superT.submitAndLink(this);"); - jsOnEventById("click", id, javascript); // TODO XSS Filter track as id? + jsOnEventById("click", id, "superT.submitAndLink(this);"); } else { printf("Downloads", hgFileUiName(),cartSessionVarName(), cartSessionId(cart), cgiEncode(tdb->track)); printf(""); printf("%s ",tdb->shortLabel); } printf("%s", tdb->longLabel); char *dataVersion = trackDbSetting(tdb, "dataVersion"); if (dataVersion) printf("  %s", dataVersion); printf("
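Review bot: Both `// TODO XSS Filter track as id?` markers are deleted from the `jsOnEventById("change", id, ...)` and `jsOnEventById("click", id, ...)` calls, yet `id` is still copied straight from `tdb->track` by `safef(id, sizeof id, "%s", tdb->track)` and `safef(id, sizeof id, "%s_link", tdb->track)`, with no validation visible in the hunk. Unless jsOnEventById itself rejects or escapes ids containing quote characters (its body is not shown here), the question the TODO raised is still open and the comment was the only record of it. Keep a marker on both calls, e.g. `// TODO XSS: id derives from tdb->track, confirm it is limited to identifier characters`, or check the id once before it is used. The hunk's lines appear out of order on this page, so the exact neighbouring lines should be confirmed against the file.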