Changeset 27259


Timestamp:
04/26/13 15:51:49 (8 years ago)
Author:
ak19
Message:
  1. Some feedback when a user comment has been added. 2. Basic html escaping before user-provided values are submitted.
Location:
main/trunk/greenstone2/macros
Files:
2 edited

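--- a/main/trunk/greenstone2/macros/document.dm
+++ b/main/trunk/greenstone2/macros/document.dm
@@ -144,9 +144,17 @@
 </p>
 
-<input type="submit" value="_textaddcomment_" onclick="addUserComment(document.AddUserCommentForm.username.value, document.AddUserCommentForm.comment.value, document.AddUserCommentForm.d.value); return false;">
+<input type="submit" value="_textaddcomment_" onclick="addUserComment(document.AddUserCommentForm.username.value, document.AddUserCommentForm.comment.value, document.AddUserCommentForm.d.value, document); return false;">
+<label id="usercommentfeedback"></label>
 </form>
 )
+
 <script type="text/javascript"> 
-    function addUserComment(_username, _comment, _docid) \{
+
+    // http://stackoverflow.com/questions/3830244/get-current-date-time-in-seconds
+    function safeHTML(str) \{
+         return str.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace('"',"&quot;").replace("'","&#x27;").replace("/", "&#x2F;"); //"\\""
+    \}
+
+    function addUserComment(_username, _comment, _docid, doc) \{
         // Need to the add user comment meta of username, timestamp and comment to the
         // topmost section of the document. So only get the docId up to any period mark:
@@ -155,4 +163,9 @@
             _docid = _docid.substring(0, period);
         \}
+       
+        // Entity encode the values before storing (at least <, >, /. And single and double quote, ampersand)
+        // http://stackoverflow.com/questions/6020714/escape-html-using-jquery
+        _username = safeHTML(_username);
+        _comment = safeHTML(_comment);     
 
         // Want to store username, timestamp and comment in import/metadata.xml, archives/doc.xml
@@ -210,5 +223,6 @@
         // GSAPI already knows the collection
         gsapi.setMetadataArray(docArray, "accumulate","import|archives|index");
-
+        //doc.AddUserCommentForm.comment.value = "submitted";
+        doc.getElementById("usercommentfeedback").innerHTML = "_textcommentsubmitted_"; //"submitted"; // <p id="feedback"></p>
     \}
 </script>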
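Review bot: `safeHTML` (new line 155) passes string patterns to `String.replace`, which substitutes only the first occurrence, so a value such as `<b><i>` keeps its second `<` and `>` unescaped and the encoding does not hold for ordinary markup. Every step should use a global regular expression, e.g. `str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")` and likewise for `"`, `'` and `/` (check how the macro language wants the backslash in `/\//g` written). The encoding also runs only in the browser, so unless the code behind `gsapi.setMetadataArray` or the page that renders stored comments encodes them as well (neither is visible here), a request that does not go through this form stores raw markup; encoding where the comment is rendered is the dependable place. The URL comment on new line 153 is about timestamps rather than escaping and belongs with the timestamp code, and the body of `addUserComment` is only partly shown in these hunks.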
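--- a/main/trunk/greenstone2/macros/english.dm
+++ b/main/trunk/greenstone2/macros/english.dm
@@ -337,6 +337,7 @@
 
 _textcommentusername_ {User name:}
-_textaddusercomment_ {Add user comment:}
+_textaddusercomment_ {Comment:}
 _textaddcomment_ {add comment}
+_textcommentsubmitted_ {Comment Submitted}
 
 _textgoto_ {go to page}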