[hg] galaxy 2709: html escaping for tags
details: http://www.bx.psu.edu/hg/galaxy/rev/8fc33cdc1857 changeset: 2709:8fc33cdc1857 user: jeremy goecks <jeremy.goecks@emory.edu> date: Thu Sep 17 12:45:36 2009 -0400 description: html escaping for tags 4 file(s) affected in this change: lib/galaxy/web/framework/helpers/__init__.py static/scripts/autocomplete_tagging.js static/scripts/packed/autocomplete_tagging.js templates/tagging_common.mako diffs (116 lines):
diff -r 2afb7110c649 -r 8fc33cdc1857 lib/galaxy/web/framework/helpers/__init__.py
--- a/lib/galaxy/web/framework/helpers/__init__.py Thu Sep 17 11:47:37 2009 -0400
+++ b/lib/galaxy/web/framework/helpers/__init__.py Thu Sep 17 12:45:36 2009 -0400
@@ -3,6 +3,7 @@
 pkg_resources.require( "WebHelpers" )
 from webhelpers import *
+from galaxy.util.json import to_json_string
 from datetime import datetime, timedelta
 # If the date is more than one week ago, then display the actual date instead of in words
diff -r 2afb7110c649 -r 8fc33cdc1857 static/scripts/autocomplete_tagging.js
--- a/static/scripts/autocomplete_tagging.js Thu Sep 17 11:47:37 2009 -0400
+++ b/static/scripts/autocomplete_tagging.js Thu Sep 17 12:45:36 2009 -0400
@@ -49,7 +49,7 @@
 // Tag area.
 var area_id = "tag-area-" + (ac_tag_area_id_gen)++;
- var tag_area = $("<div></div>").attr("id", area_id).addClass("tag-area");
+ var tag_area = $("<div>").attr("id", area_id).addClass("tag-area");
 this.append(tag_area);
 //
@@ -72,7 +72,7 @@
 var build_toggle_link = function() {
 var link_text = settings.get_toggle_link_text_fn(settings.tags);
- var toggle_link = $("<a href='/history/tags'>" + link_text + "</a>").addClass("toggle-link");
+ var toggle_link = $("<a href='/history/tags'>").text(link_text).addClass("toggle-link");
 // Link toggles the display state of the tag area.
 toggle_link.click( function() {
@@ -238,7 +238,7 @@
 });
 // Build tag button.
- var tag_name_elt = $("<span>" + tag_str + "</span>").addClass("tag-name");
+ var tag_name_elt = $("<span>").text(tag_str).addClass("tag-name");
 tag_name_elt.click( function() {
 settings.tag_click_fn(tag_str);
@@ -261,10 +261,10 @@
 var t;
 if (settings.in_form)
 t = $( "<textarea id='history-tag-input' rows='1' cols='" +
- settings.input_size + "' value='" + tag_text + "'></textarea>" );
+ settings.input_size + "' value='" + escape(tag_text) + "'></textarea>" );
 else // element not in form.
 t = $( "<input id='history-tag-input' type='text' size='" +
- settings.input_size + "' value='" + tag_text + "'></input>" );
+ settings.input_size + "' value='" + escape(tag_text) + "'></input>" );
 t.keyup( function( e ) {
 if ( e.keyCode == 27 )
diff -r 2afb7110c649 -r 8fc33cdc1857 static/scripts/packed/autocomplete_tagging.js
--- a/static/scripts/packed/autocomplete_tagging.js Thu Sep 17 11:47:37 2009 -0400
+++ b/static/scripts/packed/autocomplete_tagging.js Thu Sep 17 12:45:36 2009 -0400
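Review bot: `escape(tag_text)` on the two changed `value='…'` lines is JavaScript's URL percent-encoder, not an HTML-attribute escaper: it does stop a quote from terminating the attribute, but a tag containing a space or a non-ASCII character is then shown in the field as `%20` or `%uXXXX`, and `escape` is deprecated. The other two hunks in this file already moved to jQuery setters, and the same approach works here with no escaping at all: `t = $("<textarea id='history-tag-input' rows='1'>").attr("cols", settings.input_size).val(tag_text);` for the in-form case and `t = $("<input id='history-tag-input' type='text'>").attr("size", settings.input_size).val(tag_text);` otherwise. Note that `<textarea>` has no `value` attribute, so the old markup never set initial text for the in-form case, whereas `.val()` does. The function containing these lines starts before the hunk and continues after it.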
@@ -1,1 +1,1 @@ -var ac_tag_area_id_gen=1;jQuery.fn.autocomplete_tagging=function(c){var e={get_toggle_link_text_fn:function(u){var w="";var v=o(u);if(v!=0){w=v+(v!=0?" Tags":" Tag")}else{w="Add tags"}return w},tag_click_fn:function(u){},input_size:20,in_form:false,tags:{},use_toggle_link:true,item_id:"",add_tag_img:"",add_tag_img_rollover:"",delete_tag_img:"",ajax_autocomplete_tag_url:"",ajax_retag_url:"",ajax_delete_tag_url:"",ajax_add_tag_url:""};var p=jQuery.extend(e,c);var k="tag-area-"+(ac_tag_area_id_gen)++;var m=$("<div></div>").attr("id",k).addClass("tag-area");this.append(m);var o=function(u){if(u.length){return u.length}var v=0;for(element in u){v++}return v};var b=function(){var u=p.get_toggle_link_text_fn(p.tags);var v=$("<a href='/history/tags'>"+u+"</a>").addClass("toggle-link");v.click(function(){var w=(m.css("display")=="none");var x;if(w){x=function(){var y=o(p.tags);if(y==0){m.click()}}}else{x=function(){m.blur()}}m.slideToggle("fast",x);return false});return v};var s=b(); if(p.use_toggle_link){this.prepend(s)}var t=function(u){var v=new Array();for(key in u){v[v.length]=key+"-->"+u[key]}return"{"+v.join(",")+"}"};var a=function(v,u){return v+((u!=""&&u)?":"+u:"")};var h=function(u){return u.split(":")};var i=function(u){var v=$("<img src='"+p.add_tag_img+"' rollover='"+p.add_tag_img_rollover+"'/>").addClass("add-tag-button");v.click(function(){$(this).hide();m.click();return false});return v};var j=function(u){var v=$("<img src='"+p.delete_tag_img+"'/>").addClass("delete-tag-img");v.mouseenter(function(){$(this).attr("src",p.delete_tag_img_rollover)});v.mouseleave(function(){$(this).attr("src",p.delete_tag_img)});v.click(function(){var D=$(this).parent();var C=D.find(".tag-name").eq(0);var B=C.text();var z=h(B);var F=z[0];var y=z[1];var E=D.prev();D.remove();delete p.tags[F];var A=p.get_toggle_link_text_fn(p.tags);s.text(A);$.ajax({url:p.ajax_delete_tag_url,data:{tag_name:F},error:function(){p.tags[F]=y;if(E.hasClass("tag-button")){E.after(D) 
}else{m.prepend(D)}var G=p.get_toggle_link_text_fn(p.tags);alert("Remove tag failed");s.text(G);v.mouseenter(function(){$(this).attr("src",p.delete_tag_img_rollover)});v.mouseleave(function(){$(this).attr("src",p.delete_tag_img)})},success:function(){}});return true});var w=$("<span>"+u+"</span>").addClass("tag-name");w.click(function(){p.tag_click_fn(u);return true});var x=$("<span></span>").addClass("tag-button");x.append(w);x.append(v);return x};var d=function(v){var u;if(p.in_form){u=$("<textarea id='history-tag-input' rows='1' cols='"+p.input_size+"' value='"+v+"'></textarea>")}else{u=$("<input id='history-tag-input' type='text' size='"+p.input_size+"' value='"+v+"'></input>")}u.keyup(function(D){if(D.keyCode==27){$(this).trigger("blur")}else{if((D.keyCode==13)||(D.keyCode==188)||(D.keyCode==32)){new_value=this.value;if(return_key_pressed_for_autocomplete==true){return_key_pressed_for_autocomplete=false;return false}if(new_value.indexOf(": ",new_value.length-2)!=-1){thi s.value=new_value.substring(0,new_value.length-1);return false}if((D.keyCode==188)||(D.keyCode==32)){new_value=new_value.substring(0,new_value.length-1)}new_value=new_value.replace(/^\s+|\s+$/g,"");if(new_value.length<3){return false}this.value="";var A=j(new_value);var z=m.children(".tag-button");if(z.length!=0){var E=z.slice(z.length-1);E.after(A)}else{m.prepend(A)}var y=new_value.split(":");p.tags[y[0]]=y[1];var B=p.get_toggle_link_text_fn(p.tags);s.text(B);var C=$(this);$.ajax({url:p.ajax_add_tag_url,data:{new_tag:new_value},error:function(){A.remove();delete p.tags[y[0]];var F=p.get_toggle_link_text_fn(p.tags);s.text(F);alert("Add tag failed")},success:function(){C.flushCache()}});return false}}});var w=function(A,z,y,C,B){tag_name_and_value=C.split(":");return(tag_name_and_value.length==1?tag_name_and_value[0]:tag_name_and_value[1])};var x={selectFirst:false,formatItem:w,autoFill:false,highlight:false};u.autocomplete(p.ajax_autocomplete_tag_url,x);u.addClass("tag-input ");return 
u};for(tag_name in p.tags){var q=p.tags[tag_name];var l=a(tag_name,q);var g=j(l,s,p.tags);m.append(g)}var n=d("");var f=i(n);m.blur(function(u){r=o(p.tags);if(r!=0){f.show();n.hide();m.removeClass("active-tag-area")}else{}});m.append(f);m.append(n);n.hide();m.click(function(w){var v=$(this).hasClass("active-tag-area");if($(w.target).hasClass("delete-tag-img")&&!v){return false}if($(w.target).hasClass("tag-name")&&!v){return false}$(this).addClass("active-tag-area");f.hide();n.show();n.focus();var u=function(y){var x=m.attr("id");if(($(y.target).attr("id")!=x)&&($(y.target).parents().filter(x).length==0)){m.blur();$(document).unbind("click",u)}};$(window).click(u);return false});if(p.use_toggle_link){m.hide()}else{var r=o(p.tags);if(r==0){f.hide();n.show()}}return this.addClass("tag-element")}; \ No newline at end of file +var ac_tag_area_id_gen=1;jQuery.fn.autocomplete_tagging=function(c){var e={get_toggle_link_text_fn:function(u){var w="";var v=o(u);if(v!=0){w=v+(v!=0?" Tags":" Tag")}else{w="Add tags"}return w},tag_click_fn:function(u){},input_size:20,in_form:false,tags:{},use_toggle_link:true,item_id:"",add_tag_img:"",add_tag_img_rollover:"",delete_tag_img:"",ajax_autocomplete_tag_url:"",ajax_retag_url:"",ajax_delete_tag_url:"",ajax_add_tag_url:""};var p=jQuery.extend(e,c);var k="tag-area-"+(ac_tag_area_id_gen)++;var m=$("<div>").attr("id",k).addClass("tag-area");this.append(m);var o=function(u){if(u.length){return u.length}var v=0;for(element in u){v++}return v};var b=function(){var u=p.get_toggle_link_text_fn(p.tags);var v=$("<a href='/history/tags'>").text(u).addClass("toggle-link");v.click(function(){var w=(m.css("display")=="none");var x;if(w){x=function(){var y=o(p.tags);if(y==0){m.click()}}}else{x=function(){m.blur()}}m.slideToggle("fast",x);return false});return v};var s=b();if(p.us e_toggle_link){this.prepend(s)}var t=function(u){var v=new Array();for(key in u){v[v.length]=key+"-->"+u[key]}return"{"+v.join(",")+"}"};var a=function(v,u){return 
v+((u!=""&&u)?":"+u:"")};var h=function(u){return u.split(":")};var i=function(u){var v=$("<img src='"+p.add_tag_img+"' rollover='"+p.add_tag_img_rollover+"'/>").addClass("add-tag-button");v.click(function(){$(this).hide();m.click();return false});return v};var j=function(u){var v=$("<img src='"+p.delete_tag_img+"'/>").addClass("delete-tag-img");v.mouseenter(function(){$(this).attr("src",p.delete_tag_img_rollover)});v.mouseleave(function(){$(this).attr("src",p.delete_tag_img)});v.click(function(){var D=$(this).parent();var C=D.find(".tag-name").eq(0);var B=C.text();var z=h(B);var F=z[0];var y=z[1];var E=D.prev();D.remove();delete p.tags[F];var A=p.get_toggle_link_text_fn(p.tags);s.text(A);$.ajax({url:p.ajax_delete_tag_url,data:{tag_name:F},error:function(){p.tags[F]=y;if(E.hasClass("tag-button")){E.after(D)}else{m .prepend(D)}var G=p.get_toggle_link_text_fn(p.tags);alert("Remove tag failed");s.text(G);v.mouseenter(function(){$(this).attr("src",p.delete_tag_img_rollover)});v.mouseleave(function(){$(this).attr("src",p.delete_tag_img)})},success:function(){}});return true});var w=$("<span>").text(u).addClass("tag-name");w.click(function(){p.tag_click_fn(u);return true});var x=$("<span></span>").addClass("tag-button");x.append(w);x.append(v);return x};var d=function(v){var u;if(p.in_form){u=$("<textarea id='history-tag-input' rows='1' cols='"+p.input_size+"' value='"+escape(v)+"'></textarea>")}else{u=$("<input id='history-tag-input' type='text' size='"+p.input_size+"' value='"+escape(v)+"'></input>")}u.keyup(function(D){if(D.keyCode==27){$(this).trigger("blur")}else{if((D.keyCode==13)||(D.keyCode==188)||(D.keyCode==32)){new_value=this.value;if(return_key_pressed_for_autocomplete==true){return_key_pressed_for_autocomplete=false;return false}if(new_value.indexOf(": ",new_value.length-2)!=-1 ){this.value=new_value.substring(0,new_value.length-1);return 
false}if((D.keyCode==188)||(D.keyCode==32)){new_value=new_value.substring(0,new_value.length-1)}new_value=new_value.replace(/^\s+|\s+$/g,"");if(new_value.length<3){return false}this.value="";var A=j(new_value);var z=m.children(".tag-button");if(z.length!=0){var E=z.slice(z.length-1);E.after(A)}else{m.prepend(A)}var y=new_value.split(":");p.tags[y[0]]=y[1];var B=p.get_toggle_link_text_fn(p.tags);s.text(B);var C=$(this);$.ajax({url:p.ajax_add_tag_url,data:{new_tag:new_value},error:function(){A.remove();delete p.tags[y[0]];var F=p.get_toggle_link_text_fn(p.tags);s.text(F);alert("Add tag failed")},success:function(){C.flushCache()}});return false}}});var w=function(A,z,y,C,B){tag_name_and_value=C.split(":");return(tag_name_and_value.length==1?tag_name_and_value[0]:tag_name_and_value[1])};var x={selectFirst:false,formatItem:w,autoFill:false,highlight:false};u.autocomplete(p.ajax_autocomplete_tag_url,x);u.addClass("tag- input");return u};for(tag_name in p.tags){var q=p.tags[tag_name];var l=a(tag_name,q);var g=j(l,s,p.tags);m.append(g)}var n=d("");var f=i(n);m.blur(function(u){r=o(p.tags);if(r!=0){f.show();n.hide();m.removeClass("active-tag-area")}else{}});m.append(f);m.append(n);n.hide();m.click(function(w){var v=$(this).hasClass("active-tag-area");if($(w.target).hasClass("delete-tag-img")&&!v){return false}if($(w.target).hasClass("tag-name")&&!v){return false}$(this).addClass("active-tag-area");f.hide();n.show();n.focus();var u=function(y){var x=m.attr("id");if(($(y.target).attr("id")!=x)&&($(y.target).parents().filter(x).length==0)){m.blur();$(document).unbind("click",u)}};$(window).click(u);return false});if(p.use_toggle_link){m.hide()}else{var r=o(p.tags);if(r==0){f.hide();n.show()}}return this.addClass("tag-element")}; \ No newline at end of file diff -r 2afb7110c649 -r 8fc33cdc1857 templates/tagging_common.mako --- a/templates/tagging_common.mako Thu Sep 17 11:47:37 2009 -0400 +++ b/templates/tagging_common.mako Thu Sep 17 12:45:36 2009 -0400 
@@ -7,13 +7,13 @@
 //
 <%
 ## Build string of tag name, values.
- tag_names_and_values = list()
+ tag_names_and_values = dict()
 for tag in tagged_item.tags:
 tag_name = tag.user_tname
 tag_value = ""
 if tag.value is not None:
 tag_value = tag.user_value
- tag_names_and_values.append( ("\"" + tag_name + "\" : \"" + tag_value + "\"") )
+ tag_names_and_values[unicode(tag_name, 'utf-8')] = unicode(tag_value, 'utf-8')
 %>
 //
 // Returns the number of keys (elements) in an array/dictionary.
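Review bot: `unicode(tag_name, 'utf-8')` and `unicode(tag_value, 'utf-8')` on the added line raise `TypeError: decoding Unicode is not supported` under Python 2 when the argument is already a `unicode` object, which is what SQLAlchemy `Unicode` columns return; whether `user_tname` and `user_value` are `str` or `unicode` is not visible in the hunk, so this needs confirming against the model. A guard that accepts both keeps the intent, `if isinstance(tag_name, str): tag_name = tag_name.decode('utf-8')`, and likewise for `tag_value`. Switching from a list to a dict also means an item carrying the same tag name twice now keeps only the last value; if that is intended, a comment on the `dict()` line such as `## keyed by tag name: a repeated name keeps its last value` would save the next reader a question.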
@@ -71,20 +71,20 @@
 var options = {
- tags : {${unicode(", ".join(tag_names_and_values), 'utf-8')}},
- get_toggle_link_text_fn: get_toggle_link_text,
- tag_click_fn: function(tag) { /* Do nothing. */ },
- <% tagged_item_id = trans.security.encode_id(tagged_item.id) %>
- ajax_autocomplete_tag_url: "${h.url_for( controller='tag', action='tag_autocomplete_data', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
- ajax_add_tag_url: "${h.url_for( controller='tag', action='add_tag_async', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
- ajax_delete_tag_url: "${h.url_for( controller='tag', action='remove_tag_async', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
- delete_tag_img: "${h.url_for('/static/images/delete_tag_icon_gray.png')}",
- delete_tag_img_rollover: "${h.url_for('/static/images/delete_tag_icon_white.png')}",
- add_tag_img: "${h.url_for('/static/images/add_icon.png')}",
- add_tag_img_rollover: "${h.url_for('/static/images/add_icon_dark.png')}",
- input_size: ${input_size},
- in_form: ${in_form},
- use_toggle_link: ${use_toggle_link}
+ tags : ${h.to_json_string(tag_names_and_values)},
+ get_toggle_link_text_fn: get_toggle_link_text,
+ tag_click_fn: function(tag) { /* Do nothing. */ },
+ <% tagged_item_id = trans.security.encode_id(tagged_item.id) %>
+ ajax_autocomplete_tag_url: "${h.url_for( controller='tag', action='tag_autocomplete_data', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
+ ajax_add_tag_url: "${h.url_for( controller='tag', action='add_tag_async', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
+ ajax_delete_tag_url: "${h.url_for( controller='tag', action='remove_tag_async', id=tagged_item_id, item_class=tagged_item.__class__.__name__ )}",
+ delete_tag_img: "${h.url_for('/static/images/delete_tag_icon_gray.png')}",
+ delete_tag_img_rollover: "${h.url_for('/static/images/delete_tag_icon_white.png')}",
+ add_tag_img: "${h.url_for('/static/images/add_icon.png')}",
+ add_tag_img_rollover: "${h.url_for('/static/images/add_icon_dark.png')}",
+ input_size: ${input_size},
+ in_form: ${in_form},
+ use_toggle_link: ${use_toggle_link}
 };
 $("#${elt_id}").autocomplete_tagging(options)
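Review bot: `${h.to_json_string(tag_names_and_values)}` on the `tags :` line is emitted inside an inline script, and JSON encoding escapes `"` and `\` but, unless `to_json_string` is configured otherwise, not `/` or `<`; a tag name or value containing a closing `</script>` sequence therefore ends the script element before the browser's JS parser ever sees the string, so the quoting fix is complete at the JS layer but not at the HTML layer. The usual remedy for JSON-in-script is to escape that sequence after encoding, e.g. `tags : ${h.to_json_string(tag_names_and_values).replace('</', '<\\/')},`, which is a no-op for ordinary data because `</` can only occur inside a JSON string. I cannot see from the hunk whether this template applies a default HTML filter to `${}` expressions; if it does, the encoded quotes would be entity-escaped inside the script and the options object would not parse, so that is worth checking as well.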