Skip to content
Snippets Groups Projects
Commit e39e6b7e authored by Christian Boettcher's avatar Christian Boettcher
Browse files

safe property displays (escape relevant html characters)

status code checking for api calls
parent a44d90b7
Branches
Tags
No related merge requests found
...@@ -33,6 +33,15 @@ function getId() { ...@@ -33,6 +33,15 @@ function getId() {
return id; return id;
} }
function escapeHtml(unsafe) {
return unsafe
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
// get option-html string from typename suffix // get option-html string from typename suffix
function getTypeHTMLString(name) { function getTypeHTMLString(name) {
return '<li><a class="dropdown-item" href="?type=' + name + '">' + name + '</a></li>'; return '<li><a class="dropdown-item" href="?type=' + name + '">' + name + '</a></li>';
...@@ -40,7 +49,8 @@ function getTypeHTMLString(name) { ...@@ -40,7 +49,8 @@ function getTypeHTMLString(name) {
// get tableentry-html for a dataset // get tableentry-html for a dataset
function getDatasetHTMLString(dataset) { function getDatasetHTMLString(dataset) {
return '<tr><th scope="row">'+ dataset[0] + '</th><td><a href="?type=' + getType() + "&oid=" + dataset[1] + '">' + dataset[1] + '</a></td></tr>' var safename = escapeHtml(dataset[0]);
return '<tr><th scope="row">'+ safename + '</th><td><a href="?type=' + getType() + "&oid=" + dataset[1] + '">' + dataset[1] + '</a></td></tr>'
} }
/* /*
...@@ -49,7 +59,9 @@ The value field is editable, but the edit is blocked by default ...@@ -49,7 +59,9 @@ The value field is editable, but the edit is blocked by default
authenticated users should be able to edit and submit authenticated users should be able to edit and submit
*/ */
function getPropertyHTMLString(property, value, readonly=true) { function getPropertyHTMLString(property, value, readonly=true) {
return '<tr><th scope="row">' + property + '</th><td colspan="2"><input class="form-control" type="text" id="' + property + 'Input" value="' + value + (readonly ? '" readonly' : '"') + '></td></tr>'; var safekey = escapeHtml(property);
var safeval = escapeHtml(value);
return '<tr><th scope="row">' + safekey + '</th><td colspan="2"><input class="form-control" type="text" id="' + safekey + 'Input" value="' + safeval + (readonly ? '" readonly' : '"') + '></td></tr>';
} }
/* /*
...@@ -70,7 +82,9 @@ authenticated users should be able to edit and submit ...@@ -70,7 +82,9 @@ authenticated users should be able to edit and submit
*/ */
function getMetadataPropertyHTMLString(property, value, readonly=true) { function getMetadataPropertyHTMLString(property, value, readonly=true) {
var randID = getRandomID(); var randID = getRandomID();
return '<tr id="' + randID + 'Row"><th scope="row"><input class="form-control dynamic-metadata" type="text" id="' + randID + '" value="' + property + (readonly ? '" readonly' : '"') + '></th><td><input class="form-control" type="text" id="' + randID + 'Input" value="' + value + (readonly ? '" readonly' : '"') + '></td><th><button type="button" class="btn btn-danger dynamic-metadata-button" onclick="removeMetadataRow(\'' + randID + '\')" id="' + randID + 'Button">-</button></th></tr>'; var safekey = escapeHtml(property);
var safeval = escapeHtml(value);
return '<tr id="' + randID + 'Row"><th scope="row"><input class="form-control dynamic-metadata" type="text" id="' + randID + '" value="' + safekey + (readonly ? '" readonly' : '"') + '></th><td><input class="form-control" type="text" id="' + randID + 'Input" value="' + safeval + (readonly ? '" readonly' : '"') + '></td><th><button type="button" class="btn btn-danger dynamic-metadata-button" onclick="removeMetadataRow(\'' + randID + '\')" id="' + randID + 'Button">-</button></th></tr>';
} }
/** /**
...@@ -142,7 +156,13 @@ function setDatasetList() { ...@@ -142,7 +156,13 @@ function setDatasetList() {
// XMLHttpRequest EVENTLISTENER: show banner with new dataset id // XMLHttpRequest EVENTLISTENER: show banner with new dataset id
function showNewDatasetID() { function showNewDatasetID() {
console.log("Response to create new Dataset POST: " + this.responseText); console.log("Response to create new Dataset POST: " + this.responseText);
// TODO http status check if (this.status >= 400) {
// some error occured while getting the data
// show an alert and don't do anything else
var alertHTML = '<div class="alert alert-danger" role="alert">Invalid response from server! Either the API server is down, or the dataset creation failed. Response code: ' + this.status + '<hr>Please try agagin later, and if the error persists, contact the server administrator.</div>';
$('#storageTypeChooser').after(alertHTML);
return;
}
var data = JSON.parse(this.responseText); var data = JSON.parse(this.responseText);
var id = data[0]; var id = data[0];
var alertHTML = '<div class="alert alert-success" role="alert">Dataset created! OID is: <a href="?type=' + getType() + '&oid=' + id + '">' + id + '</a></div>'; var alertHTML = '<div class="alert alert-success" role="alert">Dataset created! OID is: <a href="?type=' + getType() + '&oid=' + id + '">' + id + '</a></div>';
...@@ -153,7 +173,13 @@ function showNewDatasetID() { ...@@ -153,7 +173,13 @@ function showNewDatasetID() {
// XMLHttpRequest EVENTLISTENER: show banner with success message for change // XMLHttpRequest EVENTLISTENER: show banner with success message for change
function showSuccessfullyChangedDataset() { function showSuccessfullyChangedDataset() {
console.log("Response to modify dataset PUT: " + this.responseText); console.log("Response to modify dataset PUT: " + this.responseText);
// TODO http status check if (this.status >= 400) {
// some error occured while getting the data
// show an alert and don't do anything else
var alertHTML = '<div class="alert alert-danger" role="alert">Invalid response from server! Either the API server is down, or the dataset modification failed. Response code: ' + this.status + '<hr>Please try agagin later, and if the error persists, contact the server administrator.</div>';
$('#storageTypeChooser').after(alertHTML);
return;
}
var alertHTML = '<div class="alert alert-success" role="alert">Dataset was successfully changed!</div>'; var alertHTML = '<div class="alert alert-success" role="alert">Dataset was successfully changed!</div>';
$('#storageTypeChooser').after(alertHTML); $('#storageTypeChooser').after(alertHTML);
$('#spinner').remove(); $('#spinner').remove();
...@@ -162,7 +188,13 @@ function showSuccessfullyChangedDataset() { ...@@ -162,7 +188,13 @@ function showSuccessfullyChangedDataset() {
// XMLHttpRequest EVENTLISTENER: show banner with success message for deletion // XMLHttpRequest EVENTLISTENER: show banner with success message for deletion
function showSuccessfullyDeletedDataset() { function showSuccessfullyDeletedDataset() {
console.log("Response to DELETE dataset: " + this.responseText); console.log("Response to DELETE dataset: " + this.responseText);
// TODO http status check if (this.status >= 400) {
// some error occured while getting the data
// show an alert and don't do anything else
var alertHTML = '<div class="alert alert-danger" role="alert">Invalid response from server! Either the API server is down, or the dataset deletion failed. Response code: ' + this.status + '<hr>Please try agagin later, and if the error persists, contact the server administrator.</div>';
$('#storageTypeChooser').after(alertHTML);
return;
}
var alertHTML = '<div class="alert alert-danger" role="alert">Dataset was successfully deleted!</div>'; var alertHTML = '<div class="alert alert-danger" role="alert">Dataset was successfully deleted!</div>';
$('#storageTypeChooser').after(alertHTML); $('#storageTypeChooser').after(alertHTML);
$('#spinner').remove(); $('#spinner').remove();
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment