af730d9e24c0642fe39657f890bc117ed015ccbf galt Wed Feb 15 01:12:26 2017 -0800 CSP code cleanup. Using new var-args versions of functions jsInlineF and jsOnEventByIdF to avoid using lots of fixed-size local javascript strings. diff --git src/hg/hgTracks/config.c src/hg/hgTracks/config.c index 6ade4e4..5443d77 100644 --- src/hg/hgTracks/config.c +++ src/hg/hgTracks/config.c @@ -104,48 +104,48 @@ continue; /* check if group section should be displayed */ char *otherState; char *indicator; char *indicatorImg; boolean isOpen = !isCollapsedGroup(group); collapseGroupGoodies(isOpen, FALSE, &indicatorImg, &indicator, &otherState); hPrintf(""); hPrintf(""); hPrintf("
"); hPrintf("\n",group->name); hPrintf("", collapseGroupVar(group->name),collapseGroupVar(group->name), (isOpen?0:1)); - hPrintf("%s  ", - group->name, indicatorImg, indicator,isOpen?"Collapse":"Expand"); - char jsText[256]; - // TODO XSS filter group->name - safef(jsText, sizeof jsText, "return vis.toggleForGroup(this,'%s');", group->name); char idText[256]; safef(idText, sizeof idText, "%s_togBut", group->name); - jsOnEventById("click", idText, jsText); + hPrintf("%s  ", + idText, indicatorImg, indicator,isOpen?"Collapse":"Expand"); + // TODO XSS filter group->name + jsOnEventByIdF("click", idText, "return vis.toggleForGroup(this,'%s');", group->name); hPrintf(" %s ", group->label); hPrintf("   "); hPrintf("\n"); safef(idText, sizeof idText, "%s_hideAllBut", group->name); hPrintf("", configHideAll, idText, "hide all"); // TODO XSS filter configGroupTarget + char jsText[256]; + // used several times safef(jsText, sizeof jsText, "document.mainForm.%s.value='%s'; %s", configGroupTarget, group->name, jsSetVerticalPosition("mainForm")); jsOnEventById("click", idText, jsText); hPrintf(" "); safef(idText, sizeof idText, "%s_showAllBut", group->name); hPrintf("", configShowAll, idText, "show all"); jsOnEventById("click", idText, jsText); hPrintf(" "); safef(idText, sizeof idText, "%s_defaultBut", group->name); hPrintf("", configDefaultAll, idText, "default"); jsOnEventById("click", idText, jsText);