af730d9e24c0642fe39657f890bc117ed015ccbf galt Wed Feb 15 01:12:26 2017 -0800 CSP code cleanup. Using new var-args versions of functions jsInlineF and jsOnEventByIdF to avoid using lots of fixed-size local javascript strings.
diff --git src/hg/hgTracks/searchTracks.c src/hg/hgTracks/searchTracks.c
index 5269f8d..a1e69c1 100644
--- src/hg/hgTracks/searchTracks.c
+++ src/hg/hgTracks/searchTracks.c
@@ -326,92 +326,86 @@ #define MAX_FOUND_TRACKS 100 static void findTracksPageLinks(int tracksFound, int startFrom) { if (tracksFound <= MAX_FOUND_TRACKS) return; // Opener int willStartAt = 0; int curPage = (startFrom/MAX_FOUND_TRACKS) + 1; int endAt = startFrom+MAX_FOUND_TRACKS; if (endAt > tracksFound) endAt = tracksFound; hPrintf("<span><em style='font-size:.9em;'>Listing %d - %d of %d tracks</em> ", startFrom+1,endAt,tracksFound); -char javascript[1024]; // << and < if (startFrom >= MAX_FOUND_TRACKS) { hPrintf("<a href='../cgi-bin/hgTracks?%s=Search&%s=0' id='ftpl1' title='First page of found tracks'" ">«</a> ", TRACK_SEARCH,TRACK_SEARCH_PAGER); - safef(javascript, sizeof javascript, "return findTracks.page(\"%s\",0);", TRACK_SEARCH_PAGER); - jsOnEventById("click", "ftpl1", javascript); + jsOnEventByIdF("click", "ftpl1", "return findTracks.page(\"%s\",0);", TRACK_SEARCH_PAGER); willStartAt = startFrom - MAX_FOUND_TRACKS; hPrintf(" <a href='../cgi-bin/hgTracks?%s=Search&%s=%d' id='ftpl2' " "title='Previous page of found tracks'>‹</a> ", TRACK_SEARCH,TRACK_SEARCH_PAGER,willStartAt); - safef(javascript, sizeof javascript, "return findTracks.page(\"%s\",%d);", TRACK_SEARCH_PAGER,willStartAt); - jsOnEventById("click", "ftpl2", javascript); + jsOnEventByIdF("click", "ftpl2", "return findTracks.page(\"%s\",%d);", TRACK_SEARCH_PAGER,willStartAt); } // page number links int lastPage = (tracksFound/MAX_FOUND_TRACKS); if ((tracksFound % MAX_FOUND_TRACKS) > 0) lastPage++; int thisPage = curPage - 3; // Window of 3 pages above and below if (thisPage < 1) thisPage = 1; for (;thisPage <= lastPage && thisPage <= curPage + 3; thisPage++) { if (thisPage != curPage) { willStartAt = ((thisPage - 1) * MAX_FOUND_TRACKS); endAt = willStartAt+ MAX_FOUND_TRACKS; if (endAt > tracksFound) endAt = tracksFound; hPrintf(" <a href='../cgi-bin/hgTracks?%s=Search&%s=%d' id='ftpl3' " "title='Page %d (%d - %d) tracks'>%d</a> ", 
TRACK_SEARCH,TRACK_SEARCH_PAGER,willStartAt,thisPage,willStartAt+1,endAt,thisPage); - safef(javascript, sizeof javascript, "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); - jsOnEventById("click", "ftpl3", javascript); + jsOnEventByIdF("click", "ftpl3", "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); } else hPrintf(" <em style='color:%s;'>%d</em> ",COLOR_DARKGREY,thisPage); } // > and >> if ((startFrom + MAX_FOUND_TRACKS) < tracksFound) { willStartAt = startFrom + MAX_FOUND_TRACKS; hPrintf(" <a href='../cgi-bin/hgTracks?%s=Search&%s=%d' id='ftpl4' " "title='Next page of found tracks'>›</a> ", TRACK_SEARCH,TRACK_SEARCH_PAGER,willStartAt); - safef(javascript, sizeof javascript, "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); - jsOnEventById("click", "ftpl4", javascript); + jsOnEventByIdF("click", "ftpl4", "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); willStartAt = tracksFound - (tracksFound % MAX_FOUND_TRACKS); if (willStartAt == tracksFound) willStartAt -= MAX_FOUND_TRACKS; hPrintf(" <a href='../cgi-bin/hgTracks?%s=Search&%s=%d' id='ftpl5' title='Last page of found tracks' " ">»</a></span>\n", TRACK_SEARCH,TRACK_SEARCH_PAGER,willStartAt); - safef(javascript, sizeof javascript, "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); - jsOnEventById("click", "ftpl5", javascript); + jsOnEventByIdF("click", "ftpl5", "return findTracks.page(\"%s\",%d);",TRACK_SEARCH_PAGER,willStartAt); } } static void displayFoundTracks(struct cart *cart, struct slRef *tracks, int tracksFound, enum sortBy sortBy) // Routine for displaying found tracks { char id[256]; char javascript[1024]; hPrintf("<div id='found' style='display:none;'>\n"); // This div is emptied with 'clear' button if (tracksFound < 1) { hPrintf("<p>No tracks found</p>\n"); } else 
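Review bot: The page-number loop prints every numbered link with the same `id='ftpl3'` and then calls `jsOnEventByIdF("click", "ftpl3", ...)` once per link, so several elements share one id while each call carries a different `willStartAt`. How jsOnEventByIdF resolves the id is not visible here, but a lookup by id normally returns only the first match, which would leave the later page links without their handler or bound to the wrong offset. findTracksPageLinks is also called twice in the later hunks (above and below the results table), so `ftpl1` to `ftpl5` repeat on the page as well. Unique ids would keep each handler on its own link, for example `id='ftpl3_%d'` in the hPrintf with a local `char id[32];` and `safef(id, sizeof id, "ftpl3_%d", thisPage);` passed to jsOnEventByIdF, plus a per-call prefix for the two call sites.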
@@ -445,34 +439,32 @@ hPrintf("</td><td align='right' valign='bottom'>\n"); findTracksPageLinks(tracksFound,startFrom); hPrintf("</td></tr>\n"); } // Begin foundTracks table //hPrintf("<table id='foundTracks'><tr><td colspan='2'>\n"); hPrintf("<tr><td colspan='2'>\n"); hPrintf("</td><td align='right'>\n"); hPrintf("</td></tr><tr bgcolor='#%s'><td>",HG_COL_HEADER); #define PM_BUTTON \ "<IMG height=18 width=18 " \ "id='btn_%s' src='../images/%s' title='%s all found tracks'>" hPrintf(PM_BUTTON,"plus_all", "add_sm.gif", "Select"); hPrintf(PM_BUTTON,"minus_all","remove_sm.gif","Unselect"); - safef(javascript, sizeof javascript, "return findTracks.checkAllWithWait(true);"); - jsOnEventById("click", "btn_plus_all", javascript); - safef(javascript, sizeof javascript, "return findTracks.checkAllWithWait(false);"); - jsOnEventById("click", "btn_minus_all", javascript); + jsOnEventById("click", "btn_plus_all", "return findTracks.checkAllWithWait(true);"); + jsOnEventById("click", "btn_minus_all", "return findTracks.checkAllWithWait(false);"); hPrintf("</td><td><b>Visibility</b></td><td colspan=2> <b>Track Name</b>\n"); // Sort options? if (tracksFound >= ENOUGH_FOUND_TRACKS) { hPrintf("<span style='float:right;'>Sort:"); cgiMakeOnEventRadioButtonWithClass(TRACK_SEARCH_SORT, "0", (sortBy == sbRelevance), NULL,"click", "findTracks.sortNow(this);"); hPrintf("by Relevance"); cgiMakeOnEventRadioButtonWithClass(TRACK_SEARCH_SORT, "1", (sortBy == sbAbc), NULL,"click", "findTracks.sortNow(this);"); hPrintf("Alphabetically"); cgiMakeOnEventRadioButtonWithClass(TRACK_SEARCH_SORT, "2", (sortBy == sbHierarchy), NULL,"click", "findTracks.sortNow(this);"); hPrintf("by Hierarchy </span>\n"); 
@@ -509,84 +501,81 @@ { // Don't need all 4 states here. Visible=checked&&enabled checked = fourStateVisible(subtrackFourStateChecked(track->tdb,cart)); // Checked is only if subtrack level vis is also set! checked = (checked && ( track->visibility != tvHide )); } // Setup the check box #define CB_HIDDEN_VAR "<INPUT TYPE=HIDDEN disabled=true NAME='%s_sel' VALUE='%s'>" // subtracks and folder children get "_sel" var. ("_sel" var is temp on folder children) if (tdbIsContainerChild(track->tdb) || tdbIsFolderContent(track->tdb)) hPrintf(CB_HIDDEN_VAR,track->track,checked?"1":CART_VAR_EMPTY); #define CB_SEEN "<INPUT TYPE=CHECKBOX id='%s_sel_id' VALUE='on' class='selCb' %s>" hPrintf(CB_SEEN,track->track,(checked ? " CHECKED" : "")); safef(id, sizeof id, "%s_sel_id", track->track); // XSS Filter? - safef(javascript, sizeof javascript, "findTracks.clickedOne(this,true);"); - jsOnEventById("click", id, javascript); + jsOnEventById("click", id, "findTracks.clickedOne(this,true);"); hPrintf("</td><td>\n"); // Setup the visibility drop down #define VIS_HIDDEN_VAR "<INPUT TYPE=HIDDEN disabled=true NAME='%s' VALUE='%s'>" hPrintf(VIS_HIDDEN_VAR,track->track,CART_VAR_EMPTY); // All tracks get vis hidden var if (tdbIsFolder(track->tdb)) { safef(javascript, sizeof javascript, "findTracks.changeVis(this);"); struct slPair *event = slPairNew("change", cloneString(javascript)); hideShowDropDownWithClassAndExtra(track->track, (track->visibility != tvHide), "normalText visDD", event); } else { safef(javascript, sizeof javascript, "findTracks.changeVis(this);"); struct slPair *event = slPairNew("change", cloneString(javascript)); hTvDropDownClassWithJavascript(NULL, track->visibility,track->canPack, "normalText seenVis",event); } // If this is a container track, allow configuring... 
if (tdbIsContainer(track->tdb) || tdbIsFolder(track->tdb)) { containerTrackCount++; // Using onclick ensures return to search tracks on submit hPrintf(" <IMG SRC='../images/folderWrench.png' style='cursor:pointer;' " "id='%s_confSet' title='Configure this track container...' " "> ", track->track); safef(id, sizeof id, "%s_confSet", track->track); // XSS Filter? - safef(javascript, sizeof javascript, "findTracks.configSet(\"%s\");", track->track); - jsOnEventById("click", id, javascript); + jsOnEventByIdF("click", id, "findTracks.configSet(\"%s\");", track->track); } //#define SHOW_PARENT_FOLDER #ifdef SHOW_PARENT_FOLDER else if (tdbIsContainerChild(track->tdb) || tdbIsFolderContent(track->tdb)) { struct trackDb *parentTdb = tdbIsContainerChild(track->tdb) ? tdbGetContainer(track->tdb) : tdbGetImmediateFolder(track->tdb); if (parentTdb != NULL) // Using href will not return to search tracks on submit hPrintf(" <A HREF='../cgi-bin/hgTrackUi?g=%s'><IMG SRC='../images/folderC.png'" " title='Navigate to parent container...'></A> ", parentTdb->track); } #endif///def SHOW_PARENT_FOLDER hPrintf("</td>\n"); // shortLabel has description popup and longLabel has "..." 
metadata hPrintf("<td><a target='_top' id='%s_dispFndTrk' " "href='%s' title='Display track details'>%s</a></td>\n", track->track, trackUrl(track->track, NULL), track->shortLabel); safef(id, sizeof id, "%s_dispFndTrk", track->track); - safef(javascript, sizeof javascript, "popUp.hgTrackUi('%s',true); return false;", track->track); - jsOnEventById("click", id, javascript); + jsOnEventByIdF("click", id, "popUp.hgTrackUi('%s',true); return false;", track->track); hPrintf("<td>%s", track->longLabel); compositeMetadataToggle(database, track->tdb, NULL, TRUE, FALSE); hPrintf("</td></tr>\n"); } //hPrintf("</table>\n"); // Closing view in browser button and foundTracks count hPrintf("<tr><td nowrap colspan=3>"); hPrintf("<INPUT TYPE=SUBMIT NAME='submit' VALUE='Return to Browser' class='viewBtn' " "style='font-size:.8em;'>"); hPrintf(" <span class='selCbCount'></span>"); if (tracksFound >= ENOUGH_FOUND_TRACKS) { hPrintf("</td><td align='right' valign='top'>\n"); findTracksPageLinks(tracksFound,startFrom); 
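Review bot: `track->track` is formatted straight into a JavaScript string literal in `jsOnEventByIdF("click", id, "findTracks.configSet(\"%s\");", track->track);` and in the `popUp.hgTrackUi('%s',true)` call, with nothing visible that escapes quotes, backslashes or line breaks. The existing `// XSS Filter?` comments on the `safef(id, ...)` lines show the question was already open, and the var-args form also drops the 1024-byte `javascript` buffer that used to bound the generated script. Whether a track name can contain such characters is not visible in this hunk, so either encode the name for a JavaScript literal before passing it, or record the invariant next to the call, e.g. `// track->track is restricted to <allowed charset> by <validator>, safe inside a JS string literal`. The two calls quote the argument differently (`\"%s\"` versus `'%s'`), so whichever encoder is used has to cover both quote styles. The loop body in displayFoundTracks starts and ends outside the hunk.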
@@ -600,31 +589,30 @@ "(by clicking on the <IMG SRC='../images/folderWrench.png'> icon) before they can " "be viewed in the browser.<BR>\n"); //hPrintf("* Tracks so marked are containers which group related data tracks. These may " // "not be visible unless further configuration is done. Click on the * to " // "configure these.<BR><BR>\n"); hPrintf("\n</form>\n"); // be done with json jsonTdbSettingsUse(jsonTdbVars); } hPrintf("</div>"); // This div allows the clear button to empty it } void doSearchTracks(struct group *groupList) { -char javascript[1024]; webIncludeResourceFile("ui.dropdownchecklist.css"); jsIncludeFile("ui.dropdownchecklist.js",NULL); // This line is needed to get the multi-selects initialized jsIncludeFile("ddcl.js",NULL); struct group *group; char *groups[128]; char *labels[128]; int numGroups = 1; groups[0] = ANYLABEL; labels[0] = ANYLABEL; char *nameSearch = cartOptionalString(cart, TRACK_SEARCH_ON_NAME); char *typeSearch = cartUsualString( cart, TRACK_SEARCH_ON_TYPE,ANYLABEL); char *simpleEntry = cartOptionalString(cart, TRACK_SEARCH_SIMPLE); char *descSearch = cartOptionalString(cart, TRACK_SEARCH_ON_DESCR); 
@@ -686,72 +674,68 @@ hPrintf("<input type='hidden' name='%s' value=''>\n",TRACK_SEARCH_DEL_ROW); hPrintf("<input type='hidden' name='%s' value=''>\n",TRACK_SEARCH_ADD_ROW); hPrintf("<input type='hidden' name='%s' value=''>\n",TRACK_SEARCH_PAGER); hPrintf("<div id='tabs' style='display:none; %s'>\n<ul>\n<li><a href='#simpleTab'>" "<B style='font-size:.9em;font-family: arial, Geneva, Helvetica, san-serif;'>Search</B>" "</a></li>\n<li><a href='#advancedTab'>" "<B style='font-size:.9em;font-family: arial, Geneva, Helvetica, san-serif;'>Advanced</B>" "</a></li>\n</ul>\n<div id='simpleTab' style='max-width:inherit;'>\n", cgiBrowser()==btIE?"width:1060px;":"max-width:inherit;"); hPrintf("<table id='simpleTable' style='width:100%%; font-size:.9em;'><tr><td colspan='2'>"); hPrintf("<input type='text' name='%s' id='simpleSearch' class='submitOnEnter' value='%s' " "style='max-width:1000px; width:100%%;'>\n", TRACK_SEARCH_SIMPLE,simpleEntry == NULL ? "" : simpleEntry); -safef(javascript, sizeof javascript, "findTracks.searchButtonsEnable(true);"); -jsOnEventById("keyup", "simpleSearch", javascript); +jsOnEventById("keyup", "simpleSearch", "findTracks.searchButtonsEnable(true);"); hPrintf("</td></tr><td style='max-height:4px;'></td></tr></table>"); //hPrintf("</td></tr></table>"); hPrintf("<input type='submit' name='%s' id='searchSubmit' value='search' " "style='font-size:.8em;'>\n", TRACK_SEARCH); hPrintf("<input type='button'id='doSTClear1' name='clear' value='clear' class='clear' " "style='font-size:.8em;'>\n"); -safef(javascript, sizeof javascript, "findTracks.clear();"); -jsOnEventById("click", "doSTClear1", javascript); +jsOnEventById("click", "doSTClear1", "findTracks.clear();"); hPrintf("<input type='submit' name='submit' value='cancel' class='cancel' " "style='font-size:.8em;'>\n"); hPrintf("</div>\n"); // Advanced tab hPrintf("<div id='advancedTab' style='width:inherit;'>\n" "<table id='advancedTable' cellSpacing=0 style='width:inherit; font-size:.9em;'>\n"); cols = 
8; // Track Name contains hPrintf("<tr><td colspan=3></td>"); hPrintf("<td nowrap><b style='max-width:100px;'>Track Name:</b></td>"); hPrintf("<td align='right'>contains</td>\n"); hPrintf("<td colspan='%d'>", cols - 4); hPrintf("<input type='text' name='%s' id='nameSearch' class='submitOnEnter' value='%s' " "style='min-width:326px; font-size:.9em;'>", TRACK_SEARCH_ON_NAME, nameSearch == NULL ? "" : nameSearch); -safef(javascript, sizeof javascript, "findTracks.searchButtonsEnable(true);"); -jsOnEventById("keyup", "nameSearch", javascript); +jsOnEventById("keyup", "nameSearch", "findTracks.searchButtonsEnable(true);"); hPrintf("</td></tr>\n"); // Description contains hPrintf("<tr><td colspan=2></td><td align='right'>and </td>"); hPrintf("<td><b style='max-width:100px;'>Description:</b></td>"); hPrintf("<td align='right'>contains</td>\n"); hPrintf("<td colspan='%d'>", cols - 4); hPrintf("<input type='text' name='%s' id='descSearch' value='%s' class='submitOnEnter' " "style='max-width:536px; width:536px; font-size:.9em;'>", TRACK_SEARCH_ON_DESCR, descSearch == NULL ? "" : descSearch); -safef(javascript, sizeof javascript, "findTracks.searchButtonsEnable(true);"); -jsOnEventById("keyup", "descSearch", javascript); +jsOnEventById("keyup", "descSearch", "findTracks.searchButtonsEnable(true);"); hPrintf("</td></tr>\n"); hPrintf("<tr><td colspan=2></td><td align='right'>and </td>\n"); hPrintf("<td><b style='max-width:100px;'>Group:</b></td>"); hPrintf("<td align='right'>is</td>\n"); hPrintf("<td colspan='%d'>", cols - 4); cgiMakeDropListFullExt(TRACK_SEARCH_ON_GROUP, labels, groups, numGroups, groupSearch, NULL, NULL, "min-width:40%; font-size:.9em;", "groupSearch"); hPrintf("</td></tr>\n"); // Track Type is (drop down) hPrintf("<tr><td colspan=2></td><td align='right'>and </td>\n"); hPrintf("<td nowrap><b style='max-width:100px;'>Data Format:</b></td>"); hPrintf("<td align='right'>is</td>\n"); hPrintf("<td colspan='%d'>", cols - 4); 
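Review bot: The three text inputs beside the changed handler lines print cart values into a single-quoted attribute, `value='%s'` filled from `simpleEntry`, `nameSearch` and `descSearch`, and nothing in the hunk encodes them. The previous hunk shows these strings coming from `cartOptionalString`, so they are presumably the user's last search text; hPrintf's definition is not shown, but if it is a plain printf wrapper a quote character in the value closes the attribute early. The CSP migration limits what injected markup can execute but does not replace output encoding, so the values should be HTML-attribute-encoded before they reach hPrintf, or each line should carry a comment such as `// simpleEntry is attribute-encoded by <helper> before this point`. doSearchTracks starts and ends outside the hunk.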
@@ -770,32 +754,31 @@ mdbSelects = mdbSelectPairs(cart, mdbVars); char *output = mdbSelectsHtmlRows(conn,mdbSelects,mdbVars,cols,FALSE); // not a fileSearch if (output) { puts(output); freeMem(output); } slPairFreeList(&mdbVars); } hPrintf("</table>\n"); hPrintf("<input type='submit' name='%s' id='searchSubmit' value='search' " "style='font-size:.8em;'>\n", TRACK_SEARCH); hPrintf("<input type='button' id='doSTClear2' name='clear' value='clear' class='clear' " "style='font-size:.8em;'>\n"); -safef(javascript, sizeof javascript, "findTracks.clear();"); -jsOnEventById("click", "doSTClear2", javascript); +jsOnEventById("click", "doSTClear2", "findTracks.clear();"); hPrintf("<input type='submit' name='submit' value='cancel' class='cancel' " "style='font-size:.8em;'>\n"); //hPrintf("<a target='_blank' href='../goldenPath/help/trackSearch.html'>help</a>\n"); hPrintf("</div>\n"); hPrintf("</div>\n"); hPrintf("</form>\n"); hPrintf("</div>"); // Restricts to max-width:1000px; cgiDown(0.8); if (measureTiming) measureTime("Rendered tabs"); if (doSearch)