Changeset 27259

Timestamp:
26.04.2013 15:51:49 (6 years ago)
Author:
ak19
Message:

1. Some feedback when a user comment has been added. 2. Basic html escaping before user-provided values are submitted.

Location:
main/trunk/greenstone2/macros
Files:
2 modified

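--- a/main/trunk/greenstone2/macros/document.dm
+++ b/main/trunk/greenstone2/macros/document.dm
@@ -144,9 +144,17 @@
 </p>
 
-<input type="submit" value="_textaddcomment_" onclick="addUserComment(document.AddUserCommentForm.username.value, document.AddUserCommentForm.comment.value, document.AddUserCommentForm.d.value); return false;">
+<input type="submit" value="_textaddcomment_" onclick="addUserComment(document.AddUserCommentForm.username.value, document.AddUserCommentForm.comment.value, document.AddUserCommentForm.d.value, document); return false;">
+<label id="usercommentfeedback"></label>
 </form>
 )
+
 <script type="text/javascript">
-    function addUserComment(_username, _comment, _docid) \{
+
+    // http://stackoverflow.com/questions/3830244/get-current-date-time-in-seconds
+    function safeHTML(str) \{
+         return str.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace('"',"&quot;").replace("'","&#x27;").replace("/", "&#x2F;"); //"\\""
+    \}
+
+    function addUserComment(_username, _comment, _docid, doc) \{
         // Need to the add user comment meta of username, timestamp and comment to the
         // topmost section of the document. So only get the docId up to any period mark:
@@ -155,4 +163,9 @@
             _docid = _docid.substring(0, period);
         \}
+
+        // Entity encode the values before storing (at least <, >, /. And single and double quote, ampersand)
+        // http://stackoverflow.com/questions/6020714/escape-html-using-jquery
+        _username = safeHTML(_username);
+        _comment = safeHTML(_comment);
 
         // Want to store username, timestamp and comment in import/metadata.xml, archives/doc.xml
@@ -210,5 +223,6 @@
         // GSAPI already knows the collection
         gsapi.setMetadataArray(docArray, "accumulate","import|archives|index");
-
+        //doc.AddUserCommentForm.comment.value = "submitted";
+        doc.getElementById("usercommentfeedback").innerHTML = "_textcommentsubmitted_"; //"submitted"; // <p id="feedback"></p>
     \}
 </script>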
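Review bot: `safeHTML` (new line 155) passes string patterns to `replace`, which in JavaScript substitutes only the first occurrence, so a username or comment with a second `<`, `>`, quote or `&` is stored with that character unescaped. Global regular expressions escape every occurrence: `return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;");` (the backslash may need the macro file's own escaping, as `\{` does). This escaping runs only in the browser, so whatever handles the write behind `gsapi.setMetadataArray` should also encode or validate the values, because a request need not come through this form; that code is not visible here. The Stack Overflow link placed above `safeHTML` concerns timestamps and looks misplaced, so a one-line comment such as `// Entity-encode &, <, >, ", ' and / in a user-supplied string` would describe the helper better.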
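--- a/main/trunk/greenstone2/macros/english.dm
+++ b/main/trunk/greenstone2/macros/english.dm
@@ -337,6 +337,7 @@
 
 _textcommentusername_ {User name:}
-_textaddusercomment_ {Add user comment:}
+_textaddusercomment_ {Comment:}
 _textaddcomment_ {add comment}
+_textcommentsubmitted_ {Comment Submitted}
 
 _textgoto_ {go to page}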