Posted to commits@allura.apache.org by br...@apache.org on 2023/04/20 17:56:39 UTC
[allura] branch master updated: [#8504] added new csp into middleware and removed onclick inline events from html templates
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 4b0545f44 [#8504] added new csp into middleware and removed onclick inline events from html templates
4b0545f44 is described below
commit 4b0545f4487b24cc399c6007f6cea931a57d035e
Author: Guillermo Cruz <gu...@slashdotmedia.com>
AuthorDate: Tue Mar 14 12:48:08 2023 -0500
[#8504] added new csp into middleware and removed onclick inline events from html templates
---
.../templates/dashboard_section_base.html | 4 +++
.../templates/sections/projects.html | 10 ++++++-
.../templates/profile_section_base.html | 5 ++++
.../user_profile/templates/sections/projects.html | 10 ++++++-
Allura/allura/lib/custom_middleware.py | 10 +++++--
.../templates/jinja_master/sidebar_menu.html | 13 ++++++++-
.../templates/neighborhood_admin_accolades.html | 19 ++++++++++--
Allura/allura/templates/repo/merge_request.html | 12 ++++++--
.../allura/templates/widgets/attachment_add.html | 11 ++++++-
.../allura/templates/widgets/attachment_list.html | 16 ++++++++--
Allura/allura/templates/widgets/post_widget.html | 10 ++++++-
Allura/allura/templates/widgets/vote.html | 4 +--
.../jinja_master/sidebar_menu.html | 12 +++++++-
Allura/allura/tests/functional/test_root.py | 4 +--
Allura/development.ini | 3 ++
.../templates/discussionforums/admin_forums.html | 7 ++++-
.../templates/feedback/common_feedback.html | 15 ++++++++--
.../templates/feedback/edit_feedback.html | 13 +++++----
.../templates/feedback/new_feedback.html | 14 +++++----
ForgeFiles/forgefiles/templates/files.html | 34 ++++++++++++++++++++--
ForgeSVN/forgesvn/templates/svn/checkout_url.html | 6 +++-
.../templates/tracker_widgets/options_admin.html | 10 ++++++-
.../forgetracker/widgets/admin_custom_fields.py | 4 ---
23 files changed, 205 insertions(+), 41 deletions(-)
diff --git a/Allura/allura/ext/personal_dashboard/templates/dashboard_section_base.html b/Allura/allura/ext/personal_dashboard/templates/dashboard_section_base.html
index 7e15dad40..906a5341c 100644
--- a/Allura/allura/ext/personal_dashboard/templates/dashboard_section_base.html
+++ b/Allura/allura/ext/personal_dashboard/templates/dashboard_section_base.html
@@ -26,3 +26,7 @@
{% block content %}{% endblock %}
</div>
</div>
+
+{% block extra_js %}
+
+{% endblock %}
\ No newline at end of file
diff --git a/Allura/allura/ext/personal_dashboard/templates/sections/projects.html b/Allura/allura/ext/personal_dashboard/templates/sections/projects.html
index 5616ce096..ccbd270a3 100644
--- a/Allura/allura/ext/personal_dashboard/templates/sections/projects.html
+++ b/Allura/allura/ext/personal_dashboard/templates/sections/projects.html
@@ -58,9 +58,17 @@
</ul>
{% if projects|length > 5 %}
<div class="show-more-projects">
- <button onclick="$(this).hide().closest('.section-body').find('li.hidden').show()">
+ <button id="show-more-profile-projects">
{{ g.icons['add'].render(title='Show More', show_title=True, tag='b') }}
</button>
</div>
{% endif %}
{% endblock %}
+
+{% block extra_js %}
+ <script>
+ $('#show-more-profile-projects').on('click', function(e){
+ $(this).hide().closest('.section-body').find('li.hidden').show();
+ });
+ </script>
+{% endblock %}
\ No newline at end of file
diff --git a/Allura/allura/ext/user_profile/templates/profile_section_base.html b/Allura/allura/ext/user_profile/templates/profile_section_base.html
index 7e15dad40..0cff1984d 100644
--- a/Allura/allura/ext/user_profile/templates/profile_section_base.html
+++ b/Allura/allura/ext/user_profile/templates/profile_section_base.html
@@ -26,3 +26,8 @@
{% block content %}{% endblock %}
</div>
</div>
+
+
+{% block extra_js %}
+
+{% endblock %}
diff --git a/Allura/allura/ext/user_profile/templates/sections/projects.html b/Allura/allura/ext/user_profile/templates/sections/projects.html
index 00e789b19..e774111d6 100644
--- a/Allura/allura/ext/user_profile/templates/sections/projects.html
+++ b/Allura/allura/ext/user_profile/templates/sections/projects.html
@@ -58,10 +58,18 @@
</ul>
{% if projects|length > 5 %}
<div class="show-more-projects">
- <button onclick="$(this).hide().closest('.section-body').find('li.hidden').show()">
+ <button id="show-more-profile-projects">
{{ g.icons['add'].render(title='Show More', show_title=True, tag='b') }}
</button>
</div>
{% endif %}
{% endblock %}
+
+{% block extra_js %}
+ <script>
+ $('#show-more-profile-projects').on('click', function(e){
+ $(this).hide().closest('.section-body').find('li.hidden').show();
+ });
+ </script>
+{% endblock %}
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 72fd7677f..c0ca9684a 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -510,9 +510,15 @@ class ContentSecurityPolicyMiddleware:
script_srcs = f"{script_srcs} {' '.join(environ['csp_script_domains'])}"
if asbool(self.config.get('csp.script_src_enforce', False)):
- rules.add(f"script-src {script_srcs} {self.config.get('csp.script_src.extras','')}")
+ rules.add(f"script-src {script_srcs} {self.config.get('csp.script_src.extras','')} 'report-sample'")
else:
- report_rules.add(f"script-src {script_srcs} {self.config.get('csp.script_src.extras','')}")
+ report_rules.add(f"script-src {script_srcs} {self.config.get('csp.script_src.extras','')} 'report-sample'")
+
+ if self.config.get('csp.script_src_attr'):
+ if asbool(self.config.get('csp.script_src_attr_enforce', False)):
+ rules.add(f"script-src-attr {self.config.get('csp.script_src_attr')} 'report-sample'")
+ else:
+ report_rules.add(f"script-src-attr {self.config.get('csp.script_src_attr')} 'report-sample'")
rules.add("object-src 'none'")
rules.add("frame-ancestors 'self'")
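Review bot: The new script-src-attr branch has no comment saying how it relates to the script-src rule above it, which matters because development.ini in this commit still lists 'unsafe-inline' in `csp.script_src.extras`. I would add `# script-src-attr covers inline event-handler attributes only; inline <script> blocks are still governed by script-src` above `if self.config.get('csp.script_src_attr'):`. 'report-sample' makes the browser include a short excerpt of the violating script in each report, so the report endpoint should be treated as receiving page content; a one-line comment to that effect would help. The option is also read three times in the branch, and binding it once (`script_src_attr = self.config.get('csp.script_src_attr')`) would read more cleanly. The enclosing method starts and ends outside the hunk.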
diff --git a/Allura/allura/templates/jinja_master/sidebar_menu.html b/Allura/allura/templates/jinja_master/sidebar_menu.html
index 11007ffb9..6097e7132 100644
--- a/Allura/allura/templates/jinja_master/sidebar_menu.html
+++ b/Allura/allura/templates/jinja_master/sidebar_menu.html
@@ -68,7 +68,7 @@
{% set admin_menu = c.app.admin_menu() %}
{% endif %}
{% if admin_menu %}
- <a id='sidebar-admin-header' onclick='$("#sidebar-admin-menu").toggleClass("hidden");$("#sidebar-admin-header").toggleClass("expanded");return false;'
+ <a id='sidebar-admin-header'
href='#' {% if request.path.startswith(c.app.admin_url) %}class="expanded"{% endif %}>
{{sidebar_item(c.app.admin_menu_collapse_button)}}
</a>
@@ -99,3 +99,14 @@
</script>
{% endif %}
</div>
+
+
+{% block extra_js %}
+<script>
+$('#sidebar-admin-header').on('click', function(e){
+ $("#sidebar-admin-menu").toggleClass("hidden");
+ $(this).toggleClass("expanded");
+ e.preventDefault();
+});
+</script>
+{% endblock %}
diff --git a/Allura/allura/templates/neighborhood_admin_accolades.html b/Allura/allura/templates/neighborhood_admin_accolades.html
index 40b5bec76..8269a1c84 100644
--- a/Allura/allura/templates/neighborhood_admin_accolades.html
+++ b/Allura/allura/templates/neighborhood_admin_accolades.html
@@ -47,7 +47,7 @@
<td><a href="{{award.longurl()}}">{{award.short}}</a></td>
<td>{{award.full}}</td>
<td>
- <form action="{{award.longurl()}}/delete" method="post" onsubmit="return confirm('Continue to delete this award?');">
+ <form action="{{award.longurl()}}/delete" method="post" class="delete-accolades" >
<input type="submit" value="Delete"/>
{{lib.csrf_token()}}
</form>
@@ -126,7 +126,7 @@
<td>{{grant.comment}}</td>
<td>
{% if grant.granted_to_project %}
- <form action="{{grant.longurl()}}/revoke" method="post" onsubmit="return confirm('Continue to revoke this award?');">
+ <form action="{{grant.longurl()}}/revoke" method="post" class="revoke-award">
<input type="submit" value="Revoke"/>
{{lib.csrf_token()}}
</form>
@@ -139,3 +139,18 @@
</p>
{% endif %}
{% endblock %}
+
+{% block extra_js %}
+ <script>
+ $('.delete-accolades, .revoke-award').each(function(el,index){
+ $(this).on('submit', function(e){
+ if ($(this).attr('class') === 'delete-accolades') {
+ return confirm('Continue to delete this award?');
+ }
+ if ($(this).attr('class') === 'revoke-award') {
+ return confirm('Continue to revoke this award?');
+ }
+ })
+ })
+ </script>
+{% endblock %}
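Review bot: The submit handler picks its prompt with `$(this).attr('class') === 'delete-accolades'`, an exact match on the whole class attribute, so if either form later gains a second class neither branch matches and the form submits with no confirmation. Binding one handler per selector avoids the comparison: `$('.delete-accolades').on('submit', function(){ return confirm('Continue to delete this award?'); });` and the same for `.revoke-award`. The `.each(function(el,index){` wrapper is not needed, since `.on()` already binds to every matched element, and jQuery passes the callback `(index, element)` in that order.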
diff --git a/Allura/allura/templates/repo/merge_request.html b/Allura/allura/templates/repo/merge_request.html
index 61a4de8e3..59168eefd 100644
--- a/Allura/allura/templates/repo/merge_request.html
+++ b/Allura/allura/templates/repo/merge_request.html
@@ -91,7 +91,7 @@ Merge Request #{{req.request_number}}: {{req.summary}} ({{req.status}})
<div class="grid-19 merge-toolbar">
{% if req.merge_allowed(c.user) %}
- <form action="merge" method="POST" onsubmit="return confirm('Do you really want to Accept this Merge Request?');">
+ <form action="merge" method="POST" id="merge-accept">
{{ lib.csrf_token() }}
<button type="submit" id="merge-btn" {% if not can_merge or merge_status in ('ready', 'busy') %}disabled="disabled"{% endif %}>
<i class="fa fa-code-fork fa-flip-vertical" aria-hidden="true"></i> Merge
@@ -100,7 +100,7 @@ Merge Request #{{req.request_number}}: {{req.summary}} ({{req.status}})
{% endif %}
{% if req.creator == c.user and req.status == "open" %}
- <form action="save" method="POST" onsubmit="return confirm('Do you really want to Reject this Merge Request?');">
+ <form action="save" method="POST" id="merge-reject">
{{ lib.csrf_token() }}
<input type="hidden" value="rejected" name="status">
<button type="submit" id="reject-btn" type="submit" >
@@ -297,5 +297,13 @@ $(function() {
check_commits();
{% endif %}
});
+$('#merge-accept, #merge-reject').on('submit', function(e){
+ if ($(this).attr('id') === 'merge-accept'){
+ return confirm('Do you really want to Accept this Merge Request?');
+ }
+ if ($(this).attr('id') === 'merge-reject'){
+ return confirm('Do you really want to Reject this Merge Request?');
+ }
+})
</script>
{% endblock %}
diff --git a/Allura/allura/templates/widgets/attachment_add.html b/Allura/allura/templates/widgets/attachment_add.html
index cc8dbf7c6..0568f3289 100644
--- a/Allura/allura/templates/widgets/attachment_add.html
+++ b/Allura/allura/templates/widgets/attachment_add.html
@@ -20,7 +20,6 @@
<form method="post"
id="attachment_form"
action="{{action}}"
- onsubmit="{{onsubmit}}"
enctype="multipart/form-data">
<a href="#" class="btn link attachment_form_add_button">Add attachments</a>
<div class="attachment_form_fields" style="display:none">
@@ -29,3 +28,13 @@
</div>
{{lib.csrf_token()}}
</form>
+
+{% block extra_js %}
+{%- if onsubmit %}
+ <script>
+ $('#attachment_form').on('submit', function(e){
+ {{onsubmit}}
+ })
+ </script>
+{% endif -%}
+{% endblock %}
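Review bot: `{{onsubmit}}` is now emitted inside a `<script>` element instead of an HTML attribute, which changes the escaping context. If the template autoescapes (not visible here), quotes in the widget's handler string come out as HTML entities, which the browser decodes in an attribute but not inside `<script>`, so a value such as `return confirm('…')` would presumably become a syntax error and the form would submit unguarded. HTML escaping is also not a safe encoding for a JavaScript context, so the value must remain developer-supplied code and never carry user data. Passing the message through a `data-` attribute and reading it in a static handler would avoid templating code into script. The same applies to the `{{onsubmit}}` block added to attachment_list.html.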
diff --git a/Allura/allura/templates/widgets/attachment_list.html b/Allura/allura/templates/widgets/attachment_list.html
index c992659fb..9cf7d57b9 100644
--- a/Allura/allura/templates/widgets/attachment_list.html
+++ b/Allura/allura/templates/widgets/attachment_list.html
@@ -30,7 +30,7 @@
{{att.filename}}
</a>
{% if edit_mode %}
- <form method="post" action="{{att.url()}}" onsubmit="{{onsubmit}}">
+ <form method="post" action="{{att.url()}}" class="attachment-image" >
<input type="hidden" name="delete" value="True"/>
<input type="submit" value="Delete File"/>
{{lib.csrf_token()}}
@@ -42,7 +42,7 @@
<div class="attachment_files">
{% for att in attachments if not att.is_image() %}
<div>
- <form method="post" action="{{att.url()}}" onsubmit="{{onsubmit}}">
+ <form method="post" action="{{att.url()}}" class="attachment-file" >
<a href="{{att.url()}}">{{att.filename}}</a>
({{att.length}} bytes)
<input type="hidden" name="delete" value="True"/>
@@ -60,3 +60,15 @@
{% endif %}
<div style="clear:both"></div>
</div>
+
+{% block extra_js %}
+{%- if onsubmit %}
+ <script>
+ $('.attachment-image, .attachment-file').each(function(el,index){
+ $(this).on('submit', function(e){
+ {{onsubmit}}
+ })
+ })
+ </script>
+{% endif -%}
+{% endblock %}
diff --git a/Allura/allura/templates/widgets/post_widget.html b/Allura/allura/templates/widgets/post_widget.html
index d986d5f5d..ef205bcba 100644
--- a/Allura/allura/templates/widgets/post_widget.html
+++ b/Allura/allura/templates/widgets/post_widget.html
@@ -133,7 +133,7 @@
<div class="attachment_toolbar">
<form method="POST" action="{{att.url()}}">
{% if can_moderate_post %}
- <a href="javascript: void(0)" onclick="$(this).closest('form').submit();" title="Remove Attachment" class="btn ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only">
+ <a href="javascript: void(0)" id="remove-attachment" title="Remove Attachment" class="btn ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only">
<span><i class="fa fa-trash-o" aria-hidden="true"></i></span>
</a>
{% endif %}
@@ -187,3 +187,11 @@
</ul>
</div>
</div>
+
+{% block extra_js %}
+<script>
+$('.attachment_toolbar #remove-attachment').on('click', function(e){
+ $(this).closest('form').submit();
+})
+</script>
+{% endblock %}
\ No newline at end of file
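Review bot: `id="remove-attachment"` is added to a link inside the per-attachment toolbar, so a post with several attachments, or a page with several posts, would carry duplicate ids. If this template is rendered once per post (the loop is outside the hunk), the script block is also emitted each time and every pass binds another click handler to the links already on the page. A class plus one delegated handler avoids both: `class="… js-remove-attachment"` and `$(document).on('click', '.js-remove-attachment', function(e){ e.preventDefault(); $(this).closest('form').submit(); });`, ideally in a script that is loaded once.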
diff --git a/Allura/allura/templates/widgets/vote.html b/Allura/allura/templates/widgets/vote.html
index 533ada519..3dc856bf3 100644
--- a/Allura/allura/templates/widgets/vote.html
+++ b/Allura/allura/templates/widgets/vote.html
@@ -24,10 +24,10 @@
{% if can_vote %}
<div id="vote" class="gray">
<span class="btn-set duo">
- <a href="" class="btn {% if voted == 1 %}active{% endif %} {% if can_vote %}js-vote-up{% endif %}" onclick="javascript:return false;">
+ <a href="" class="btn {% if voted == 1 %}active{% endif %} {% if can_vote %}js-vote-up{% endif %}">
{{ g.icons['vote_up'].render(tag='b', style="color:green;") }}
</a>
- <a href="" class="btn {% if voted == -1 %}active{% endif %} {% if can_vote %}js-vote-down{% endif %}" onclick="javascript:return false;">
+ <a href="" class="btn {% if voted == -1 %}active{% endif %} {% if can_vote %}js-vote-down{% endif %}">
{{ g.icons['vote_down'].render(tag='b', style="color:red;") }}
</a>
</span>
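Review bot: With `onclick="javascript:return false;"` removed, the two `<a href="">` buttons rely entirely on whatever script binds `.js-vote-up` / `.js-vote-down` to cancel navigation, and that script is not part of this diff. If that handler does not call `e.preventDefault()`, a click would now reload the page. Worth confirming, or switching the anchors to `<button type="button">` so there is no default navigation to cancel.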
diff --git a/Allura/allura/templates_responsive/jinja_master/sidebar_menu.html b/Allura/allura/templates_responsive/jinja_master/sidebar_menu.html
index a60502478..74b73ebd4 100644
--- a/Allura/allura/templates_responsive/jinja_master/sidebar_menu.html
+++ b/Allura/allura/templates_responsive/jinja_master/sidebar_menu.html
@@ -68,7 +68,7 @@
{% set admin_menu = c.app.admin_menu() %}
{% endif %}
{% if admin_menu %}
- <a id='sidebar-admin-header' onclick='$("#sidebar-admin-menu").toggleClass("hidden");$("#sidebar-admin-header").toggleClass("expanded");return false;'
+ <a id='sidebar-admin-header'
href='#' {% if request.path.startswith(c.app.admin_url) %}class="expanded"{% endif %}>
{{sidebar_item(c.app.admin_menu_collapse_button)}}
</a>
@@ -99,3 +99,13 @@
</script>
{% endif %}
</div>
+
+{% block extra_js %}
+<script>
+$('#sidebar-admin-header').on('click', function(e){
+ $("#sidebar-admin-menu").toggleClass("hidden");
+ $(this).toggleClass("expanded");
+ e.preventDefault();
+});
+</script>
+{% endblock %}
diff --git a/Allura/allura/tests/functional/test_root.py b/Allura/allura/tests/functional/test_root.py
index fa6224046..8dfbe0dd7 100644
--- a/Allura/allura/tests/functional/test_root.py
+++ b/Allura/allura/tests/functional/test_root.py
@@ -106,8 +106,8 @@ class TestRootController(TestController):
response = self.app.get('/neighborhood')
# inject it into the sidebar data
content = response.html.find('div', {'id': 'content_base'}).prettify()
- assert '<script>' not in content, content
- assert '<script>' in content
+ assert '<script>alert' not in content, content
+ assert '<script>alert' in content
def test_strange_accept_headers(self):
hdrs = [
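Review bot: The negative assertion now matches only the literal prefix `<script>alert`, so it shows that this one payload was not rendered raw rather than that no injected script tag reached the sidebar. The narrowing is presumably needed because the sidebar template now contains its own `<script>` block, and a comment should say so, e.g. `# sidebar_menu.html now emits a legitimate <script>; match the injected payload, not any script tag`. As rendered on this page both assertions show the same string, which I take to be the plain-text view decoding the escaped form in the second one. The test method starts above the hunk.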
diff --git a/Allura/development.ini b/Allura/development.ini
index d6ac0c80b..b73c0173c 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -683,6 +683,9 @@ csp.form_action_urls = 'self'
csp.script_src = 'self' www.google-analytics.com
csp.script_src.extras = 'unsafe-inline' 'unsafe-eval'
+; to enable enforce mode on script-src-attr
+;csp.script_src_attr_enforce = true
+csp.script_src_attr = 'none'
;
; Settings for comment reactions
;
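Review bot: The added comment does not say what happens when `csp.script_src_attr_enforce` is left commented out; going by the middleware change in this commit, the directive then goes into the report-only rule set. I would spell that out, e.g. `; script-src-attr is sent report-only unless csp.script_src_attr_enforce = true`. It is also worth noting next to it that `csp.script_src.extras` still allows 'unsafe-inline', so inline `<script>` blocks remain permitted and this setting covers only inline event-handler attributes.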
diff --git a/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html b/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
index fc72f790e..ddfad95c5 100644
--- a/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
+++ b/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
@@ -89,7 +89,7 @@
<td>{{lib.post_summary(forum.last_post)}}</td>
<td>
<input name="{{'forum-%s.id' % loop.index0}}" type="hidden" value="{{forum._id}}"/>
- <input type="submit" name="{{'forum-%s.delete' % loop.index0}}" value="Delete" onclick="return confirm('Really delete this forum?');" /><br/>
+ <input type="submit" name="{{'forum-%s.delete' % loop.index0}}" class="delete-forum" value="Delete" /><br/>
</td>
</tr>
{% endfor %}
@@ -115,5 +115,10 @@
return false;
});
});
+ $('.delete-forum').each(function(el, index){
+ $(this).on('click', function(e){
+ return confirm('Really delete this forum?');
+ })
+ })
</script>
{% endblock %}
diff --git a/ForgeFeedback/forgefeedback/templates/feedback/common_feedback.html b/ForgeFeedback/forgefeedback/templates/feedback/common_feedback.html
index 6bd6634a2..5cb838e26 100755
--- a/ForgeFeedback/forgefeedback/templates/feedback/common_feedback.html
+++ b/ForgeFeedback/forgefeedback/templates/feedback/common_feedback.html
@@ -22,7 +22,7 @@
<!-- macro for feedback textarea -->
{% macro feed_textarea(name='description',id='description',placeholder='',description='') %}
-<textarea class="textbox" name="{{name}}" id="{{id}}" maxlength=100 onkeyup="manage()" placeholder="{{placeholder}}">{{description}}</textarea>
+<textarea class="textbox" name="{{name}}" id="{{id}}" maxlength=100 placeholder="{{placeholder}}">{{description}}</textarea>
{% endmacro %}
<!-- macro for feedback alert message -->
@@ -60,10 +60,13 @@ function manage()
</script>
<script>
+ $("#description").on('keyup', function(e){
+ manage()
+ })
$('#feedback_form').submit(function(event){
event.preventDefault();
var description = $("#description").val();
-
+
$.ajax({
context: this,
url:'{{url}}feedback_check',
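Review bot: The keyup binding is hard-coded to `$("#description")`, while the `feed_textarea` macro in the previous hunk takes the element id as a parameter, so a caller that passes a different `id` loses the `manage()` call the removed `onkeyup` attribute used to provide. Binding on the class the macro always emits would keep the old behaviour, e.g. `$('textarea.textbox').on('keyup', manage);`, assuming that class is not shared with unrelated textareas. The next hunk's `setupRatingEvent()` has a similar dependency, since each template must remember to call it; binding `.rating > input` directly in this script would remove that step.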
@@ -83,6 +86,14 @@ function manage()
});
});
+
+ function setupRatingEvent(){
+ $('.rating > input').each(function(el,index){
+ $(this).on('click', function(e){
+ manage();
+ })
+ })
+ }
</script>
{% endmacro %}
diff --git a/ForgeFeedback/forgefeedback/templates/feedback/edit_feedback.html b/ForgeFeedback/forgefeedback/templates/feedback/edit_feedback.html
index bf6ec7548..ff3d29489 100755
--- a/ForgeFeedback/forgefeedback/templates/feedback/edit_feedback.html
+++ b/ForgeFeedback/forgefeedback/templates/feedback/edit_feedback.html
@@ -51,11 +51,11 @@ p {
<div class="col-75">
<fieldset class="rating">
- <input type="radio" id="star5" name="rating" value="5" {% if rating == '5' %} checked="checked" {% endif %} onclick="manage()" /><label for="star5" title="Excellent"></label>
- <input type="radio" id="star4" name="rating" value="4" {% if rating == '4' %} checked="checked" {% endif %} onclick="manage()" /><label for="star4" title="Great"></label>
- <input type="radio" id="star3" name="rating" value="3" {% if rating == '3' %} checked="checked" {% endif %} onclick="manage()" /><label for="star3" title="Good"></label>
- <input type="radio" id="star2" name="rating" value="2" {% if rating == '2' %} checked="checked" {% endif %} onclick="manage()" /><label for="star2" title="Average"></label>
- <input type="radio" id="star1" name="rating" value="1" {% if rating == '1' %} checked="checked" {% endif %} onclick="manage()" /><label for="star1" title="Poor"></label>
+ <input type="radio" id="star5" name="rating" value="5" {% if rating == '5' %} checked="checked" {% endif %} /><label for="star5" title="Excellent"></label>
+ <input type="radio" id="star4" name="rating" value="4" {% if rating == '4' %} checked="checked" {% endif %} /><label for="star4" title="Great"></label>
+ <input type="radio" id="star3" name="rating" value="3" {% if rating == '3' %} checked="checked" {% endif %} /><label for="star3" title="Good"></label>
+ <input type="radio" id="star2" name="rating" value="2" {% if rating == '2' %} checked="checked" {% endif %} /><label for="star2" title="Average"></label>
+ <input type="radio" id="star1" name="rating" value="1" {% if rating == '1' %} checked="checked" {% endif %} /><label for="star1" title="Poor"></label>
</fieldset>
</div>
@@ -79,6 +79,9 @@ p {
{% block extra_js %}
<!-- profanity script's macro -->
{{ common_feed.profanity_scripts(url=c.app.url) }}
+ <script>
+ setupRatingEvent()
+ </script>
{% endblock %}
diff --git a/ForgeFeedback/forgefeedback/templates/feedback/new_feedback.html b/ForgeFeedback/forgefeedback/templates/feedback/new_feedback.html
index bf93b3bb5..f8d87d7b5 100755
--- a/ForgeFeedback/forgefeedback/templates/feedback/new_feedback.html
+++ b/ForgeFeedback/forgefeedback/templates/feedback/new_feedback.html
@@ -48,11 +48,11 @@ p {
</div>
<div class="col-75">
<fieldset class="rating" id="sar">
- <input type="radio" id="star5" name="rating" value="5" onclick="manage()" /><label for="star5" title="Excellent">5 stars</label>
- <input type="radio" id="star4" name="rating" value="4" onclick="manage()" /><label for="star4" title="Great">4 stars</label>
- <input type="radio" id="star3" name="rating" value="3" onclick="manage()" /><label for="star3" title="Good">3 stars</label>
- <input type="radio" id="star2" name="rating" value="2" onclick="manage()" /><label for="star2" title="Average">2 stars</label>
- <input type="radio" id="star1" name="rating" value="1" onclick="manage()" /><label for="star1" title="Poor">1 star</label>
+ <input type="radio" id="star5" name="rating" value="5" /><label for="star5" title="Excellent">5 stars</label>
+ <input type="radio" id="star4" name="rating" value="4" /><label for="star4" title="Great">4 stars</label>
+ <input type="radio" id="star3" name="rating" value="3" /><label for="star3" title="Good">3 stars</label>
+ <input type="radio" id="star2" name="rating" value="2" /><label for="star2" title="Average">2 stars</label>
+ <input type="radio" id="star1" name="rating" value="1" /><label for="star1" title="Poor">1 star</label>
</fieldset>
</div>
</div>
@@ -68,10 +68,12 @@ p {
</div>
{% endblock %}
-
{% block extra_js %}
<!-- profanity script's macro -->
{{ common_feed.profanity_scripts(url=c.app.url) }}
+ <script>
+ setupRatingEvent()
+ </script>
{% endblock %}
diff --git a/ForgeFiles/forgefiles/templates/files.html b/ForgeFiles/forgefiles/templates/files.html
index af002b947..064be02eb 100755
--- a/ForgeFiles/forgefiles/templates/files.html
+++ b/ForgeFiles/forgefiles/templates/files.html
@@ -117,7 +117,7 @@ Files {% if folder_object %} - {{path_links(folder_path.split('/'), urls)}} {% e
<a data-toggle="tooltip " {% if not folder.disabled %} class="delete_icon admin_modal" href="{{c.app.url}}get_deletable_object?object_id={{folder._id}}" title="Delete" {% else %} class="disable_object" {% endif %}><i class="fa fa-trash-o" data-toggle='modal'></i></a>
- <a href="#" data-toggle="tooltip" {% if folder.disabled %} title="Enable" {% else %} title="Disable" {% endif %} onclick="ConfirmDisableFolder('{{ folder._id }}', '{{folder.disabled}}', '{{folder.parent_folder.disabled}}','{{c.app.url}}disable_folder')" ><i {% if folder.disabled %} class="fa fa-undo" {% else %} class="fa fa-ban" {% endif %}></i></a>
+ <a href="#" data-toggle="tooltip" {% if folder.disabled %} title="Enable" {% else %} title="Disable" {% endif %} class="confirm-disable-folder" data-folder-id="{{ folder._id }}" data-folder-disabled="{{folder.disabled}}" data-folder-parent-disabled="{{folder.parent_folder.disabled}}" data-folder-disable-url="{{c.app.url}}disable_folder" ><i {% if folder.disabled %} class="fa fa-undo" {% else %} class="fa fa-ban" {% endif %}></i></a>
</div>
@@ -144,12 +144,12 @@ Files {% if folder_object %} - {{path_links(folder_path.split('/'), urls)}} {% e
{% if h.has_access(c.project, 'admin')() %}
<td>
<div class="file_actions">
- <a data-toggle="tooltip" {% if not file.disabled %} href= "#" {% if not file.linked_to_download%} title="Link" {% else %} title="Unlink" {% endif %} class="link_icon" onclick="ConfirmLinkFile('{{ file._id }}', '{{ file.linked_to_download }}', '{{c.app.url}}link_file')" {% else %} class="disable_object" {% endif %} ><i class= "fa fa-link" {% if file.linked_to_download %} id="disable_link" {% endif %}></i></a>
+ <a data-toggle="tooltip" {% if not file.disabled %} href= "#" {% if not file.linked_to_download%} title="Link" {% else %} title="Unlink" {% endif %} class="link_icon confirm-link-file" data-file-id="{{ file._id }}" data-linked-download="{{ file.linked_to_download }}" data-linked-url="{{c.app.url}}link_file" {% else %} class="disable_object" {% endif %} ><i class= "fa fa-link" {% if file.linked_to_download %} id="disable_link" {% endif %}></i></a>
<a data-toggle="tooltip " {% if not file.disabled %} class="edit_icon admin_modal" href="{{c.app.url}}get_editable_object?object_id={{file._id}}" title="Edit" {% else %} class="disable_object" {% endif %}><i class="fa fa-edit" data-toggle='modal' ></i></a>
<a data-toggle="tooltip " {% if not file.disabled %} class="delete_icon admin_modal" href="{{c.app.url}}get_deletable_object?object_id={{file._id}}" title="Delete" {% else %} class="disable_object" {% endif %}><i class="fa fa-trash-o" data-toggle='modal' {% if not file.disabled %} {% endif %} ></i></a>
- <a href="#" data-toggle="tooltip" {% if file.disabled %} title="Enable" {% else %} title="Disable" {% endif %} onclick="ConfirmDisableFile('{{ file._id }}', '{{file.disabled}}', '{{file.parent_folder.disabled}}','{{c.app.url}}disable_file')" ><i {% if file.disabled %} class="fa fa-undo" {% else %} class="fa fa-ban" {% endif %}></i></a>
+ <a href="#" data-toggle="tooltip" {% if file.disabled %} title="Enable" {% else %} title="Disable" {% endif %} class="confirm-disable-file" data-file-id="{{ file._id }}" data-file-disabled="{{file.disabled}}" data-file-parent-folder-disabled="parent_folder.disabled" data-file-url="{{c.app.url}}disable_file" ><i {% if file.disabled %} class="fa fa-undo" {% else %} class="fa fa-ban" {% endif %}></i></a>
</div>
</td>
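Review bot: On the new disable-file link, `data-file-parent-folder-disabled="parent_folder.disabled"` is a literal string, whereas the removed `onclick` passed `'{{file.parent_folder.disabled}}'`. `ConfirmDisableFile` will therefore always receive the text `parent_folder.disabled` as its third argument, whatever the parent folder's state. The attribute should be `data-file-parent-folder-disabled="{{file.parent_folder.disabled}}"`. Separately, jQuery's `.data()` converts values it recognises (such as `true`, `false` and numbers) to native types, so the arguments may no longer be the strings files.js received before; reading them with `.attr('data-…')` would keep them as strings.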
@@ -185,6 +185,34 @@ Files {% if folder_object %} - {{path_links(folder_path.split('/'), urls)}} {% e
{% block extra_js %}
<script type="text/javascript" src="{{g.app_static('js/files.js')}}"></script>
+<script>
+$('.confirm-disable-folder').each(function(el,index){
+ $(this).on('click', function(e){
+ var folder_id = $(this).data('folder-id');
+ var folder_disabled = $(this).data('folder-disabled');
+ var folder_parent_disabled = $(this).data('folder-parent-disabled');
+ var folder_disable_url = $(this).data('folder-disable-url');
+ ConfirmDisableFolder(folder_id, folder_disabled, folder_parent_disabled, folder_disable_url);
+ });
+});
+$('.confirm-link-file').each(function(el, index){
+ $(this).on('click', function(e){
+ var file_id = $(this).data('file-id');
+ var linked_download = $(this).data('linked-download');
+ var linked_url = $(this).data('linked-url');
+ ConfirmLinkFile(file_id,linked_download, linked_url);
+ });
+});
+$('.confirm-disable-file').each(function(el,index){
+ $(this).on('click', function(e){
+ var file_id = $(this).data('file-id');
+ var file_disabled = $(this).data('file-disabled');
+ var file_parent_folder_disabled = $(this).data('file-parent-folder-disabled');
+ var file_url = $(this).data('file-url');
+ ConfirmDisableFile(file_id, file_disabled, file_parent_folder_disabled, file_url);
+ });
+});
+</script>
{% endblock %}
diff --git a/ForgeSVN/forgesvn/templates/svn/checkout_url.html b/ForgeSVN/forgesvn/templates/svn/checkout_url.html
index ee06a632d..63a79a8d7 100644
--- a/ForgeSVN/forgesvn/templates/svn/checkout_url.html
+++ b/ForgeSVN/forgesvn/templates/svn/checkout_url.html
@@ -47,7 +47,7 @@
<hr>
<div class="grid-13"> </div>
<div class="grid-13">
- <input type="button" onclick="save_checkout_url()" value="Save">
+ <input type="button" id="save-checkout-url" value="Save">
<a href="#" class="close">Cancel</a>
</div>
{% endif %}
@@ -65,6 +65,10 @@
location.reload();
});
}
+ $('#save-checkout-url').on('click', function(e){
+ save_checkout_url();
+ e.preventDefault();
+ })
</script>
{% endif %}
{% endblock %}
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html b/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
index e07cb372c..0e5120de8 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
@@ -43,7 +43,15 @@
{% for b in buttons %}
{{b.display()}}
{% endfor %}
- <a href="#" onclick="window.history.back(); return false;" class="close">Cancel</a>
+ <a href="#" id="tracker-options-cancel" class="close">Cancel</a>
</div>
{% if method.upper() == 'POST' %}{{lib.csrf_token()}}{% endif %}
</form>
+{% block extra_js %}
+<script>
+$('#tracker-options-cancel').on('click', function(e){
+ window.history.back();
+ e.preventDefault();
+})
+</script>
+{% endblock %}
diff --git a/ForgeTracker/forgetracker/widgets/admin_custom_fields.py b/ForgeTracker/forgetracker/widgets/admin_custom_fields.py
index e0e761924..a61899580 100644
--- a/ForgeTracker/forgetracker/widgets/admin_custom_fields.py
+++ b/ForgeTracker/forgetracker/widgets/admin_custom_fields.py
@@ -120,10 +120,6 @@ class TrackerFieldAdmin(f.ForgeForm):
class buttons(ew_core.NameList):
save = ew.SubmitButton(label='Save')
- cancel = ew.SubmitButton(
- label="Cancel",
- css_class='cancel', attrs=dict(
- onclick='window.location.reload(); return false;'))
def resources(self):
yield from self.fields['custom_fields'].resources()