af730d9e24c0642fe39657f890bc117ed015ccbf
galt
  Wed Feb 15 01:12:26 2017 -0800
CSP code cleanup. Using new var-args versions of functions jsInlineF and jsOnEventByIdF to avoid using lots of fixed-size local javascript strings.

diff --git src/hg/hgTracks/config.c src/hg/hgTracks/config.c
index 6ade4e4..5443d77 100644
--- src/hg/hgTracks/config.c
+++ src/hg/hgTracks/config.c
@@ -104,48 +104,48 @@
 	continue;
 
     /* check if group section should be displayed */
     char *otherState;
     char *indicator;
     char *indicatorImg;
     boolean isOpen = !isCollapsedGroup(group);
     collapseGroupGoodies(isOpen, FALSE, &indicatorImg,
                             &indicator, &otherState);
     hPrintf("<TR NOWRAP class='blueToggleBar'>");
     hPrintf("<TH NOWRAP align='left' colspan=3>");
     hPrintf("<table style='width:100%%;'><tr class='noData'><td style='text-align:left;'>");
     hPrintf("\n<A NAME='%sGroup'></A>",group->name);
     hPrintf("<input type=hidden name='%s' id='%s' value=%d>",
             collapseGroupVar(group->name),collapseGroupVar(group->name), (isOpen?0:1));
-    hPrintf("<IMG class='toggleButton' "
-            "id='%s_togBut' src='%s' alt='%s' title='%s this group'>&nbsp;&nbsp;",
-            group->name, indicatorImg, indicator,isOpen?"Collapse":"Expand");
-    char jsText[256];
-    // TODO XSS filter group->name
-    safef(jsText, sizeof jsText, "return vis.toggleForGroup(this,'%s');", group->name);
     char idText[256];
     safef(idText, sizeof idText, "%s_togBut", group->name);
-    jsOnEventById("click", idText, jsText);
+    hPrintf("<IMG class='toggleButton' "
+            "id='%s' src='%s' alt='%s' title='%s this group'>&nbsp;&nbsp;",
+            idText, indicatorImg, indicator,isOpen?"Collapse":"Expand");
+    // TODO XSS filter group->name
+    jsOnEventByIdF("click", idText, "return vis.toggleForGroup(this,'%s');", group->name);
 
     hPrintf("<B>&nbsp;%s</B> ", group->label);
     hPrintf("&nbsp;&nbsp;&nbsp;");
     hPrintf("</td><td style='text-align:right;'>\n");
     safef(idText, sizeof idText, "%s_hideAllBut", group->name);
     hPrintf("<INPUT TYPE=SUBMIT NAME=\"%s\" id='%s' VALUE=\"%s\" "
             "title='Hide all tracks in this groups'>",
 	    configHideAll, idText, "hide all");
     // TODO XSS filter configGroupTarget
+    char jsText[256]; 
+    // used several times
     safef(jsText, sizeof jsText, "document.mainForm.%s.value='%s'; %s",
 	    configGroupTarget, group->name, jsSetVerticalPosition("mainForm"));
     jsOnEventById("click", idText, jsText);
     hPrintf(" ");
     safef(idText, sizeof idText, "%s_showAllBut", group->name);
     hPrintf("<INPUT TYPE=SUBMIT NAME=\"%s\" id='%s' VALUE=\"%s\" "
             "title='Show all tracks in this groups'>",
 	    configShowAll, idText, "show all");
     jsOnEventById("click", idText, jsText);
     hPrintf(" ");
     safef(idText, sizeof idText, "%s_defaultBut", group->name);
     hPrintf("<INPUT TYPE=SUBMIT NAME=\"%s\" id='%s' VALUE=\"%s\" "
             "title='Show default tracks in this group'>",
 	    configDefaultAll, idText, "default");
     jsOnEventById("click", idText, jsText);