1 | /** JavaScript file of utility functions.
|
---|
2 | * At present contains functions for sanitising of URLs,
|
---|
3 | * since tomcat 8+, being more compliant with URL/URI standards, is more strict about URLs.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | Given a string consisting of a single character, returns the %hex (%XX)
|
---|
8 | https://www.w3resource.com/javascript-exercises/javascript-string-exercise-27.php
|
---|
9 | https://stackoverflow.com/questions/40100096/what-is-equivalent-php-chr-and-ord-functions-in-javascript
|
---|
10 | https://www.w3resource.com/javascript-exercises/javascript-string-exercise-27.php
|
---|
11 | */
|
---|
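/**
 * Returns the percent-encoded form (%XX, upper-case hex) of the first
 * character of the given string.
 *
 * Only the first UTF-16 code unit is read. The result is a well-formed URL
 * escape for code units up to 0xFF. Larger code units still produce more than
 * two hex digits, which is not a valid escape. The callers in this file only
 * pass ASCII characters matched by their own regexes.
 *
 * @param {string} single_char_string - string whose first character is encoded
 * @returns {string} "%" followed by the upper-case hex value, zero-padded to
 *                   at least two digits
 */
function urlEncodeChar(single_char_string) {
  var hex = single_char_string.charCodeAt(0).toString(16).toUpperCase();

  // Pad to two digits: a code below 0x10 (e.g. newline, 0x0A) would otherwise
  // give a malformed one-digit escape such as "%A", which a strict server can
  // reject or read together with the character that follows it.
  if (hex.length < 2) {
    hex = "0" + hex;
  }

  return "%" + hex;
}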
|
---|
22 |
|
---|
23 | /*
|
---|
24 | Tomcat 8 appears to be stricter in requiring unsafe and reserved chars
|
---|
25 | in URLs to be escaped with URL encoding
|
---|
26 | See section "Character Encoding Chart" of
|
---|
27 | https://perishablepress.com/stop-using-unsafe-characters-in-urls/
|
---|
28 | Reserved chars:
|
---|
29 | ; / ? : @ = &
|
---|
30 | -----> %3B %2F %3F %3A %40 %3D %26
|
---|
31 | [Now also reserved, but no special meaning yet in URLs (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent)
|
---|
32 | and not required to be enforced yet, so we aren't at present dealing with these:
|
---|
33 | ! ' ( ) *
|
---|
34 | ]
|
---|
35 | Unsafe chars:
|
---|
36 | " < > # % { } | \ ^ ~ [ ] ` and SPACE/BLANK
|
---|
37 | ----> %22 %3C %3E %23 %25 %7B %7D %7C %5C %5E ~ %5B %5D %60 and %20
|
---|
38 | But the above conflicts with the reserved vs unreserved listings at
|
---|
39 | https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
|
---|
40 | Possibly more info: https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid
|
---|
41 |
|
---|
42 | And the bottom of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
|
---|
43 | lists additional characters that have been reserved since and which need encoding when in a URL component.
|
---|
44 |
|
---|
45 | Javascript already provides functions encodeURI() and encodeURIComponent(), see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
|
---|
46 | However, the set of chars they deal with only partially overlap with the set of chars that need encoding as per the RFC3986 for URIs and RFC1738 for URLs discussed at
|
---|
47 | https://perishablepress.com/stop-using-unsafe-characters-in-urls/
|
---|
48 | We want to handle all the characters listed as unsafe and reserved at https://perishablepress.com/stop-using-unsafe-characters-in-urls/
|
---|
49 | so we define and use our own conceptually equivalent methods for both existing JavaScript methods:
|
---|
50 | - makeURLSafe() for JavaScript's encodeURI() to make sure all unsafe characters in URLs are escaped by being URL encoded
|
---|
51 | - and makeURLComponentSafe() for JavaScript's encodeURIComponent() to additionally make sure all reserved characters in a URL portion are escaped by being URL encoded too
|
---|
52 |
|
---|
53 | Function makeURLSafe() is passed a string that represents a URL and therefore only deals with characters that are unsafe in a URL and which therefore require escaping.
|
---|
54 | Function makeURLComponentSafe() deals with portions of a URL that when decoded need not represent a URL at all, for example data like inline templates passed in as a
|
---|
55 | URL query string's parameter values. As such makeURLComponentSafe() should escape both unsafe URL characters and characters that are reserved in URLs since reserved
|
---|
56 | characters in the query string part (as query param values representing data) may take on a different meaning from their reserved meaning in a URL context.
|
---|
57 | */
|
---|
58 |
|
---|
59 | /* URL encodes both
|
---|
60 | - UNSAFE characters to make URL safe, by calling makeURLSafe()
|
---|
61 | - and RESERVED characters (characters that have reserved meanings within a URL) to make URL valid, since the url component parameter could use reserved characters
|
---|
62 | in a non-URL sense. For example, the inline template (ilt) parameter value of a URL could use '=' and '&' signs where these would have XSLT rather than URL meanings.
|
---|
63 |
|
---|
64 | See end of https://www.w3schools.com/jsref/jsref_replace.asp to use a callback passing each captured element of a regex in str.replace()
|
---|
65 | */
|
---|
/**
 * Percent-encodes a portion of a URL (for example a query parameter value)
 * so that neither the unsafe characters handled by makeURLSafe() nor the
 * reserved characters ; / ? : @ = & survive unescaped.
 *
 * NOTE(review): the `|| 1` default turns every falsy argument (0, false,
 * undefined) into 1, so '%' is always encoded here and a caller cannot switch
 * that off. Input that already contains %XX escapes is therefore encoded a
 * second time (%20 becomes %2520). Confirm that callers only pass raw,
 * never-encoded values.
 *
 * NOTE(review): '+' is not in the reserved set below and is left as-is. A
 * server that form-decodes query strings reads it as a space. Verify this
 * against the values that are passed in.
 *
 * @param {string} url_part - raw (not yet encoded) URL component
 * @param {*} [encode_percentages] - passed on to makeURLSafe(); any falsy
 *        value is replaced by 1
 * @returns {string} the component with unsafe and reserved characters encoded
 */
function makeURLComponentSafe(url_part, encode_percentages) {
  if (!encode_percentages) {
    encode_percentages = 1;
  }

  // Unsafe characters (and '%') first, then the reserved ones on top.
  var unsafeEscaped = makeURLSafe(url_part, encode_percentages);
  var reservedChars = /[\;\/\?\:\@\=\&]/g;

  return unsafeEscaped.replace(reservedChars, function (reservedChar) {
    return urlEncodeChar(reservedChar);
  });
}
|
---|
77 |
|
---|
78 | /*
|
---|
79 | URL encode UNSAFE characters to make URL passed in safe.
|
---|
80 | Set encode_percentages to 1 (true) if you want % signs encoded as well; leave it unset (0) if the url is already partly URL encoded, so that existing %XX escapes are not encoded a second time.
|
---|
81 | */
|
---|
/**
 * Percent-encodes the characters this file treats as unsafe in a URL:
 * space " < > # { } | \ ^ ~ [ ] and the backtick.
 *
 * NOTE(review): with encode_percentages left falsy, a '%' that does not start
 * a valid %XX escape passes through unchanged, so the result can still hold a
 * malformed escape. Only leave the flag off for input known to be partly
 * encoded already.
 *
 * @param {string} url - the URL to make safe
 * @param {*} [encode_percentages] - when truthy, every '%' is rewritten to
 *        "%25" before anything else; defaults to 0 (leave '%' untouched)
 * @returns {string} the URL with unsafe characters percent-encoded
 */
function makeURLSafe(url, encode_percentages) {
  var escapePercent = encode_percentages || 0;

  // '%' has to be handled before the other characters; otherwise the '%' of
  // the escapes produced below would itself be encoded.
  var safeUrl = escapePercent ? url.replace(/\%/g,"%25") : url;

  return safeUrl.replace(/[\ \"\<\>\#\{\}\|\\^\~\[\]\`]/g, function (unsafeChar) {
    return urlEncodeChar(unsafeChar);
  });
}
|
---|
96 |
|
---|
97 | /***************
|
---|
98 | * MENU SCRIPTS *
|
---|
99 | ***************/
|
---|
/**
 * Keeps #editBar visible while the page scrolls: once the window is scrolled
 * past the top of #float-anchor the bar is fixed to the top of the viewport,
 * otherwise it goes back to relative positioning.
 *
 * The handler is bound to the window's scroll event and also run once
 * immediately.
 */
function moveScroller() {
  var updateEditBar = function () {
    var bar = $("#editBar");
    var scrollTop = $(window).scrollTop();
    var anchorTop = $("#float-anchor").offset().top;

    if (scrollTop <= anchorTop) {
      // Remember the in-flow width so the fixed bar can reuse it later.
      bar.data("width", bar.css("width"));
      bar.css({ position: "relative", top: "", width: "" });
      return;
    }

    bar.css({ position: "fixed", top: "0px", width: bar.data("width") });
  };

  $(window).scroll(updateEditBar);
  updateEditBar();
}
|
---|
125 |
|
---|
126 |
|
---|
/**
 * Floats or un-floats the table of contents (.tableOfContentsContainer) and
 * reports the new state to the server with a GET request.
 *
 * When enabled, the current CSS values are saved in the element's jQuery data
 * and replaced by a fixed-position layout. When disabled, the saved values
 * are restored, the un-float button is hidden and the toggle is unchecked.
 *
 * NOTE(review): gs.cgiParams.c is concatenated into the query string without
 * any encoding. If that value can contain '&', '=' or '#', the request will
 * carry different parameters than intended. Once it is confirmed that the
 * value is held in decoded form, pass it through makeURLComponentSafe().
 *
 * @param {*} enabled - truthy to float the menu, falsy to restore it
 */
function floatMenu(enabled) {
  var toc = $(".tableOfContentsContainer");
  var floatingStyle = [
    ["position", "fixed"],
    ["width", "300px"],
    ["right", "0px"],
    ["top", "100px"],
    ["max-height", "600px"],
    ["overflow", "auto"],
    ["z-index", "200"]
  ];
  var i;

  if (enabled) {
    // Save every current value before changing any of them.
    for (i = 0; i < floatingStyle.length; i++) {
      toc.data(floatingStyle[i][0], toc.css(floatingStyle[i][0]));
    }
    for (i = 0; i < floatingStyle.length; i++) {
      toc.css(floatingStyle[i][0], floatingStyle[i][1]);
    }

    $("#unfloatTOCButton").show();
  } else {
    for (i = 0; i < floatingStyle.length; i++) {
      toc.css(floatingStyle[i][0], toc.data(floatingStyle[i][0]));
    }

    $("#unfloatTOCButton").hide();
    $("#floatTOCToggle").prop("checked", false);
  }

  var ftocFlag = enabled ? "1" : "0";
  var url = gs.xsltParams.library_name + "?a=d&ftoc=" + ftocFlag + "&c=" + gs.cgiParams.c;

  $.ajax(url);
}
|
---|