Hi Alex,
Great serie of commits Alex (just looking at them now since I'm back from
holidays)!
Just a little comment: re the svn commit comment, could you always refer to a
jira issue? (I've seen several commits where there were no jira issues
mentioned).
Thanks a lot
-Vincent
On Aug 18, 2010, at 6:23 PM, abusenius (SVN) wrote:
> Author: abusenius
> Date: 2010-08-18 18:23:50 +0200 (Wed, 18 Aug 2010)
> New Revision: 30693
>
> Modified:
> platform/web/trunk/standard/src/main/webapp/templates/editclass.vm
> Log:
> Added missing escaping to class editor.
>
> Modified: platform/web/trunk/standard/src/main/webapp/templates/editclass.vm
> ===================================================================
> --- platform/web/trunk/standard/src/main/webapp/templates/editclass.vm
> 2010-08-18 16:12:24 UTC (rev 30692)
> +++ platform/web/trunk/standard/src/main/webapp/templates/editclass.vm
> 2010-08-18 16:23:50 UTC (rev 30693)
> @@ -36,10 +36,10 @@
> #if($prevSpace != '')
> </optgroup>
> #end
> - <optgroup label="${classdoc.space}">
> + <optgroup label="${escapetool.xml($classdoc.space)}">
> #set($prevSpace = ${classdoc.space})
> #end
> - <option value="$classdoc.getURL('edit',
> 'editor=class')">${classdoc.name}</option>
> + <option value="$classdoc.getURL('edit',
> 'editor=class')">${escapetool.xml($classdoc.name)}</option>
> #end
> #end
> #if($prevSpace != '')
> @@ -60,9 +60,9 @@
> * Display a class property
> *#
> #macro(displayProperty $field)
> - <div id="xproperty_$field.name" class="xproperty
> #if($field.disabled)disabled#end">
> + <div id="xproperty_${field.name}" class="xproperty
> #if($field.disabled)disabled#end">
> <div id="xproperty_${field.name}_title" class="xproperty-title
> ${field.type}">
> - <h2>$doc.displayView($field.xWikiClass.get('prettyName'),
> "${field.name}_" , $field)
> +
> <h2>$!{escapetool.xml($doc.displayView($field.xWikiClass.get('prettyName'),
> "${field.name}_" , $field))}
> ($doc.displayView($field.xWikiClass.get('name'), "${field.name}_" ,
> $field): $xwiki.metaclass.get($field.classType).prettyName)</h2>
> <div class="tools propertyTools"><a href='$doc.getURL('propdelete',
> "propname=${field.name}")'
> title="$msg.get('core.editors.class.deleteProperty.tooltip',
> [${field.name}])" class="tool
> delete">$msg.get('core.editors.class.deleteProperty.text')</a></div>
> </div>
> @@ -76,9 +76,9 @@
> #set($propDef = $field.xWikiClass.get($classprop))
> #if($hiddenProperties.indexOf($propDef.name) == -1)
> #if($propDef.type.indexOf('Boolean') != -1)
> - <dt class="boolean-property"><label class="hidden"
> for="${field.name}_$classprop">$propDef.getPrettyName()</label>$doc.displayEdit($propDef,
> "${field.name}_" , $field) $propDef.getPrettyName()</dt>
> + <dt class="boolean-property"><label class="hidden"
> for="${field.name}_$classprop">${escapetool.xml($propDef.getPrettyName())}</label>$doc.displayEdit($propDef,
> "${field.name}_" , $field) $propDef.getPrettyName()</dt>
> #else
> - <dt><label
> for="${field.name}_$classprop">$propDef.getPrettyName()
> $!{propertyDetails.get($classprop)}</label></dt>
> + <dt><label
> for="${field.name}_$classprop">${escapetool.xml($propDef.getPrettyName())}
> $!{propertyDetails.get($classprop)}</label></dt>
> <dd>$doc.displayEdit($propDef, "${field.name}_" , $field)</dd>
> #end
> #end
> @@ -99,7 +99,7 @@
> <label for="proptype"
> class="property-type-label">$msg.get('core.editors.class.addProperty.type.label'):</label>
> <select id="proptype" name="proptype" size="1">
> #foreach($prop in $xwiki.metaclass.properties)
> - <option value="${prop.name}">${prop.prettyName}</option>
> + <option
> value="${prop.name}">${escapetool.xml($prop.prettyName)}</option>
> #end
> </select>
> <span class="buttonwrapper">
> @@ -140,10 +140,10 @@
> #editActionButton('preview', 'preview')
> </div>
> <div id="xwikiclassproperties">
> - <div id="xclass_${class.name}" class="xclass">
> - <div id="xclass_${class.name}_title"
> class="xclass-title"><h2>$class.name</h2></div>
> + <div id="xclass_${escapetool.xml($class.name)}" class="xclass">
> + <div id="xclass_${escapetool.xml($class.name)}_title"
> class="xclass-title"><h2>${escapetool.xml($class.name)}</h2></div>
> #addPropertyForm()
> - <div id="xclass_${class.name}_content" class="xclass-content"><div
> id="xclassContent">
> + <div id="xclass_${escapetool.xml($class.name)}_content"
> class="xclass-content"><div id="xclassContent">
> #foreach ($field in $class.properties)
> #displayProperty($field)
> #end
>
> _______________________________________________
> notifications mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/notifications
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
