github-advanced-security[bot] commented on code in PR #6402: URL: https://github.com/apache/myfaces-tobago/pull/6402#discussion_r2071868908
########## tobago-theme/tobago-theme-standard/src/main/ts/tobago-select-list-base.ts: ########## 
@@ -119,37 +128,153 @@
 }
 }
- private filterEvent(event: Event): void {
+ private filterInputEvent(event: Event): void {
 const input = event.currentTarget as HTMLInputElement;
 const searchString = input.value;
- if (searchString.length > 0) {
- this.dropdownMenu?.show(); // do not show dropdown menu while leaving the component
- }
- const filterFunction = TobagoFilterRegistry.get(this.filter);
- // XXX todo: if filterFunction not found?
-
- let entriesCount = 0;
- if (filterFunction != null) {
- this.rows.forEach(row => {
- const itemValue = row.cells.item(0).textContent;
- if (filterFunction(itemValue, searchString)) {
- row.classList.remove(Css.D_NONE);
- entriesCount++;
- } else {
- row.classList.add(Css.D_NONE);
- row.classList.remove(Css.TOBAGO_PRESELECT);
- }
- });
+ this.dropdownMenu?.show();
+
+ if (searchString.length >= this.minChars) {
+ if (this.tobagoFilter) {
+ this.showSpinner();
+ }
+
+ window.clearTimeout(this.timeout);
+ this.timeout = window.setTimeout(() => this.doFilter(searchString), this.delay);
 }
+ }
- const noEntriesHint = this.options.querySelector("." + Css.TOBAGO_NO_ENTRIES);
- if (entriesCount === 0) {
- noEntriesHint.classList.remove(Css.D_NONE);
+ /**
+ * This function is also used for resetting the filter. Therefor "delay" and "minChar" must not be tested inside this
+ * function.
+ */
+ protected doFilter(searchString: string) {
+ if (this.tobagoFilter) {
+ this.hiddenQueryInput.value = searchString;
+ jsf.ajax.request(
+ this.id,
+ null,
+ {
+ params: {
+ "javax.faces.behavior.event": "filter",
+ filterUpdate: this.id
+ },
+ execute: this.id,
+ render: this.id,
+ onevent: this.lazyResponse.bind(this),
+ onerror: this.lazyError.bind(this)
+ });
 } else {
- noEntriesHint.classList.add(Css.D_NONE);
+ const filterFunction = TobagoFilterRegistry.get(this.filter);
+ // XXX todo: if filterFunction not found?
+
+ let entriesCount = 0;
+ if (filterFunction != null) {
+ this.rows.forEach(row => {
+ const itemValue = row.cells.item(0).textContent;
+ if (filterFunction(itemValue, searchString)) {
+ row.classList.remove(Css.D_NONE);
+ entriesCount++;
+ } else {
+ row.classList.add(Css.D_NONE);
+ row.classList.remove(Css.TOBAGO_PRESELECT);
+ }
+ });
+ }
+
+ if (entriesCount === 0) {
+ this.noEntriesHint.classList.remove(Css.D_NONE);
+ } else {
+ this.noEntriesHint.classList.add(Css.D_NONE);
+ }
 }
 }
+ private lazyResponse(event: EventData): void {
+ const updates: NodeListOf<Element> = event.responseXML?.querySelectorAll("update");
+ if (updates && event.status === "complete") {
+ for (const update of updates) {
+ const id = update.getAttribute("id");
+ if (this.id === id) { // is a JSF element id, but not a technical id from the framework
+ update.id = update.id + SelectListBase.SUFFIX_FILTER_UPDATE; //hide from jsf.js
+ this.filterUpdateLoader = document.createElement("div");
+ this.filterUpdateLoader.innerHTML = update.textContent;
Review Comment: ## DOM text reinterpreted as HTML [DOM text](1) is reinterpreted as HTML without escaping meta-characters. [Show more details](https://github.com/apache/myfaces-tobago/security/code-scanning/65)
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@myfaces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org