diff roundup/cgi/templating.py @ 6215:af372b9372f6

Add data attributes to classhelp to allow use with CSP. Add data attributes to classhelp templating code. This provides a method to allow classhelp to work if there is a Content-Security-Policy implemented by the roundup admin that uses the client_nonce. See: https://wiki.roundup-tracker.org/AddingContentSecurityPolicy for details. I hope to make CSP automatic in a future release.
author John Rouillard <rouilj@ieee.org>
date Mon, 29 Jun 2020 11:59:12 -0400
parents edbd4bba728a
children bda491248fd8
--- a/roundup/cgi/templating.py	Mon Jun 29 11:37:33 2020 -0400
+++ b/roundup/cgi/templating.py	Mon Jun 29 11:59:12 2020 -0400
@@ -863,8 +863,9 @@
                    group, sort, pagesize, filter)
         onclick = "javascript:help_window('%s', '%s', '%s');return false;" % \
                   (help_url, width, height)
-        return '<a class="classhelp" href="%s" onclick="%s" %s>%s</a>' % \
-               (help_url, onclick, self.cgi_escape_attrs(**html_kwargs),
+        return '<a class="classhelp" data-helpurl="%s" data-width="%s" data-height="%s" href="%s" onclick="%s" %s>%s</a>' % \
+               (help_url, width, height,
+                help_url, onclick, self.cgi_escape_attrs(**html_kwargs),
                 self._(label))
 
     def submit(self, label=''"Submit New Entry", action="new", html_kwargs={}):
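Review bot: The new `data-helpurl`, `data-width` and `data-height` values in the return string are interpolated with raw `%s`, while `html_kwargs` in the same expression goes through `self.cgi_escape_attrs`, and the calendar hunk later in this commit builds its data attributes with that helper. `help_url`, `width` and `height` are all set above this hunk, so whether they are already attribute-safe cannot be confirmed from here; a double quote in any of them would end the attribute early. Suggest the same pattern as the calendar hunk: `data_attr = {"data-helpurl": help_url, "data-width": width, "data-height": height}`, emitting `self.cgi_escape_attrs(**data_attr)` in place of the three literal attributes, after checking that `help_url` is not already HTML-escaped so it is not encoded twice. The inline `onclick` is kept, and a nonce-based policy would presumably still block and report it, so a short comment saying it is retained as a fallback for trackers without CSP would help the next reader. The method starts outside the hunk.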
@@ -2160,9 +2161,16 @@
             date = "&date=%s"%self._value
         else :
             date = ""
-        return ('<a class="classhelp" href="javascript:help_window('
+
+        data_attr = {
+            "data-calurl": '%s?@template=calendar&amp;property=%s&amp;form=%s%s' % (self._classname, self._name, form, date),
+            "data-width": width,
+            "data-height": height
+        }
+        
+        return ('<a class="classhelp" %s href="javascript:help_window('
             "'%s?@template=calendar&amp;property=%s&amp;form=%s%s', %d, %d)"
-            '">%s</a>'%(self._classname, self._name, form, date, width,
+            '">%s</a>'%(self.cgi_escape_attrs(**data_attr),self._classname, self._name, form, date, width,
             height, label))
 
 class IntervalHTMLProperty(HTMLProperty):
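Review bot: `data-calurl` is built with `&amp;` already in the string and is then passed through `self.cgi_escape_attrs`; if that helper HTML-escapes attribute values (its body is not in this hunk), the page will carry `&amp;amp;` and a script reading the attribute will get a URL containing a literal `&amp;`. The `date` fragment set just above uses a plain `&date=`, so the separators are also inconsistent within the one value. Suggest building the data value with bare ampersands and letting the helper encode it once: `"data-calurl": '%s?@template=calendar&property=%s&form=%s%s' % (self._classname, self._name, form, date),`. The method begins outside the hunk, so how `form`, `width` and `height` are set is not visible here.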
