ca001361fc433fbacc4805265af7110c8b24a9bb galt Tue Apr 4 12:28:38 2017 -0700 code cleanup from CSP changes. diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c index f36804c..410c687 100644 --- src/lib/cheapcgi.c +++ src/lib/cheapcgi.c @@ -13,52 +13,30 @@ #include "filePath.h" #include "htmshell.h" #ifndef GBROWSE #include "mime.h" #endif /* GBROWSE */ #include //============ javascript inline-separation routines =============== // One of the main services that CSP (Content Security Policy) provides // is protecting from reflected and stored XSS attacks by disabling all inline javacript, // both in script tags, and in inline event handlers. The separated javascript // can be either added back to the end of the html page with a nonce or sha hashid, // or it can be saved to a temp file in trash and then included as a non-inline, off-page .js. -// TODO make other versions that capture the output to a temp file. - -/* OBSOLETE -// Auto-increment. This helps create unique ids for easily connecting inline js with the html element. - -int autoInc = 0; -int getAutoInc() -// Get auto-incrementing value. -{ -return autoInc++; -} - -char *getAutoIncId() -// Generate an automatically incrementing html id attribute value. -// For cases where the element is not given any id, generate a unique id automatically. -{ -char autoId[32]; -safef(autoId, sizeof autoId, "auto%d", getAutoInc()); -return cloneString(autoId); -} -END OBSOLETE */ - struct dyString *jsInlineLines = NULL; void jsInlineInit() /* init if needed */ { if (!jsInlineLines) { jsInlineLines = dyStringNew(1024); } } void jsInline(char *javascript) /* Add javascript text to output file or memory structure */ { jsInlineInit(); // init if needed @@ -71,31 +49,31 @@ jsInlineInit(); // init if needed va_list args; va_start(args, format); dyStringVaPrintf(jsInlineLines, format, args); va_end(args); } boolean jsInlineFinishCalled = FALSE; void jsInlineFinish() /* finish outputting accumulated inline javascript */ { if (jsInlineFinishCalled) { // jsInlineFinish can be called multiple times when generating framesets or genomeSpace. - warn("jsInlineFinish() called already."); // TODO GALT + warn("jsInlineFinish() called already."); } jsInlineInit(); // init if needed printf("\n", getNonce(), jsInlineLines->string); dyStringClear(jsInlineLines); jsInlineFinishCalled = TRUE; } void jsInlineReset() /* used by genomeSpace to repeatedly output multiple pages to stdout */ { jsInlineFinishCalled = FALSE; } const char * const jsEvents[] = { "abort", @@ -1729,42 +1707,34 @@ cgiMakeCheckBox2Bool(name, checked, TRUE, id, NULL); } void cgiMakeCheckBox(char *name, boolean checked) /* Make check box. */ { cgiMakeCheckBox2Bool(name, checked, TRUE, NULL, NULL); } void cgiMakeCheckBoxEnabled(char *name, boolean checked, boolean enabled) /* Make check box, optionally enabled/disabled. */ { cgiMakeCheckBox2Bool(name, checked, enabled, NULL, NULL); } -// TODO hopefully make this OBSOLETE -void cgiMakeCheckBoxJS(char *name, boolean checked, char *javascript) -/* Make check box with javascript. */ -{ -cgiMakeCheckBox2Bool(name,checked,TRUE,NULL,javascript); -} - -// TODO hopefully make this OBSOLETE -void cgiMakeCheckBoxIdAndJS(char *name, boolean checked, char *id, char *javascript) -/* Make check box with ID and javascript. */ +void cgiMakeCheckBoxMore(char *name, boolean checked, char *moreHtml) +/* Make check box with moreHtml. */ { -cgiMakeCheckBox2Bool(name,checked,TRUE,id,javascript); +cgiMakeCheckBox2Bool(name,checked,TRUE,NULL,moreHtml); } void cgiMakeCheckBoxIdAndMore(char *name, boolean checked, char *id, char *moreHtml) /* Make check box with ID and extra (non-javascript) html. */ { cgiMakeCheckBox2Bool(name,checked,TRUE,id,moreHtml); } void cgiMakeCheckBoxFourWay(char *name, boolean checked, boolean enabled, char *id, char *classes, char *moreHtml) /* Make check box - with fourWay functionality (checked/unchecked by enabled/disabled) * Also makes a shadow hidden variable that supports the 2 boolean states. */ { char shadName[256];