2b30b55d6a5b71648296873b570b9d68b4901b6a
galt
  Wed Feb 15 02:21:56 2017 -0800
CSP code cleanup. Using jsInlineF where needed for compact and efficient code, not using fixed-size local javascript strings which could overflow.

diff --git src/hg/lib/jsHelper.c src/hg/lib/jsHelper.c
index 0c2e34f..158d385 100644
--- src/hg/lib/jsHelper.c
+++ src/hg/lib/jsHelper.c
@@ -33,34 +33,31 @@
 void jsInit()
 /* If this is the first call, set window.onload to the operations
  * performed upon loading a page and print supporting javascript.
  * Currently this just sets the page vertical position if specified on
  * CGI, and includes jsHelper.js.
  * Subsequent calls do nothing, so this can be called many times. */
 {
 if (! jsInited)
     {
     // jsh_pageVertPos trick taken from
     // http://www.softcomplex.com/docs/get_window_size_and_scrollbar_position.html
     puts("<INPUT TYPE=HIDDEN NAME=\"jsh_pageVertPos\" VALUE=0>");
     int pos = cgiOptionalInt("jsh_pageVertPos", 0);
     if (pos > 0)
 	{
-	char javascript[1024];
-	safef(javascript, sizeof javascript,
-	       "window.onload = function () { window.scrollTo(0, %d); }", pos);
-	jsInline(javascript);
+	jsInlineF("window.onload = function () { window.scrollTo(0, %d); }", pos);
 	}
     jsInited = TRUE;
     jsIncludeFile("jsHelper.js", NULL);
     }
 }
 
 struct dyString *jsOnChangeStart()
 /* Start up an onChange string */
 {
 struct dyString *dy = dyStringNew(1024);
 return dy;
 }
 
 char *jsOnChangeEnd(struct dyString **pDy)
 /* Finish up javascript onChange command. */
@@ -77,34 +74,31 @@
 dyStringPrintf(dy, "[document.mainForm.%s.selectedIndex].value; ", var);
 }
 
 void jsTextCarryOver(struct dyString *dy, char *var)
 /* Add statement to carry-over text item to dy. */
 {
 dyStringPrintf(dy,
     "document.hiddenForm.%s.value=document.mainForm.%s.value; ",
     var, var);
 }
 
 void jsTrackingVar(char *jsVar, char *val)
 /* Emit a little Javascript to keep track of a variable.
  * This helps especially with radio buttons. */
 {
-char javascript[256];
-safef(javascript, sizeof javascript, 
-    "var %s='%s';\n", jsVar, val);
-jsInline(javascript);
+jsInlineF("var %s='%s';\n", jsVar, val);
 }
 
 void jsMakeTrackingRadioButtonExtraHtml(char *cgiVar, char *jsVar,
                                         char *val, char *selVal, char *extraHtml)
 /* Make a radio button with extra HTML attributes that also sets tracking variable
  * in javascript. */
 {
 char id[256];
 safef(id, sizeof id, "%s_%s", cgiVar, val);
 hPrintf("<INPUT TYPE=RADIO NAME='%s' ID='%s'", cgiVar, id);
 hPrintf(" VALUE=\"%s\"", val);
 if (isNotEmpty(extraHtml))
     hPrintf(" %s", extraHtml);
 jsOnEventByIdF("click", id, "%s='%s';", jsVar, val);
 if (sameString(val, selVal))
@@ -464,56 +458,54 @@
 }
 
 void jsEndCollapsibleSection()
 /* End the collapsible <TR id=...>. */
 {
 puts("</TD></TR>");
 }
 
 void jsReloadOnBackButton(struct cart *cart)
 /* Add some javascript to detect that the back button (or reload) has been pressed,
  * and to resubmit in that case to redraw the page with the latest cart contents. */
 // __detectback trick from
 // http://siphon9.net/loune/2009/07/detecting-the-back-or-refresh-button-click/
 // Yes, I know this along with every other inline <script> here belongs in a .js module
 {
-char javascript[2048];
-safef(javascript, sizeof javascript, 
+jsInlineF(
        "document.write(\"<form style='display: none'><input name='__detectback' id='__detectback' "
        "value=''></form>\");\n"
        "function checkPageBackOrRefresh() {\n"
        "  if (document.getElementById('__detectback').value) {\n"
        "    return true;\n"
        "  } else {\n"
        "    document.getElementById('__detectback').value = 'been here';\n"
        "    return false;\n"
        "  }\n"
        "}\n"
        "window.onload = function() { "
        "  if (checkPageBackOrRefresh()) { \n"
        "    if (window.location.search == '?%s') { \n"
 	      // We already have the hgsid-only URL that we want, reload it.
 	      // (necessary for IE because IE doesn't reload on replace,
 	      //  unless window.location and/or window.search changes)
        "      window.location.reload(true);\n"
        "    } else { \n"
        "      window.location.replace('%s?%s');\n"
        "    } \n"
        "  } "
        "};\n"
        , cartSidUrlString(cart), cgiScriptName(), cartSidUrlString(cart));
-jsInline(javascript);
 }
 
 static char *makeIndentBuf(int indentLevel)
 {
 if (indentLevel < 0)
     return "";
 char *indentBuf;
 indentBuf = needMem(indentLevel + 1);
 memset(indentBuf, '\t', indentLevel);
 indentBuf[indentLevel] = 0;
 return indentBuf;
 }
 
 static void jsonDyStringPrintRecurse(struct dyString *dy, struct jsonElement *ele, int indentLevel)
 {