- Fixed JavaScript issues with CSP

e8ee303d · Frank Bergmann · 0a92b831 · e8ee303d · e8ee303d · e8ee303d
Commit e8ee303d authored Dec 21, 2020 by Frank Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 6 deletions

roles-table.tcl www/admin/roles-table.tcl +1 -1

transitions-table.tcl www/admin/transitions-table.tcl +2 -2

workflow.adp www/admin/workflow.adp +21 -3

No files found.
--- a/www/admin/roles-table.tcl
+++ b/www/admin/roles-table.tcl
@@ -51,7 +51,7 @@ db_multirow roles roles {
    }
    # For some reason we seem to need to ns_urlencode the whole thing again, when using it in javascript
    if { $modifiable_p } {
-	set delete_url [ad_quotehtml "javascript:if(confirm('Are you sure you want to delete this role?'))location.href='role-delete?[export_vars -url {workflow_key role_key return_url}]'"]
+	set delete_url "role-delete?[export_vars -url {workflow_key role_key return_url}]"
    }

 #    set delete_url "role-delete?[export_vars -url {workflow_key role_key return_url}]"

--- a/www/admin/transitions-table.tcl
+++ b/www/admin/transitions-table.tcl
@@ -46,10 +46,10 @@ db_multirow transitions transtitions {
       and r.workflow_key (+) = t.workflow_key
       and r.role_key (+) = t.role_key
     order by t.sort_order
-} {
+} {    
    # For some reason we seem to need to ns_urlencode the whole thing again when we use it in a javascript thing
    if { $modifiable_p } { 
-	set delete_url "javascript:if(confirm('Are you sure you want to delete this transition?'))location.href='task-delete?[export_vars -url {workflow_key transition_key}]'"
+	set delete_url "task-delete?[export_vars -url {workflow_key transition_key}]"
    }
    set edit_url "task-edit?[export_vars -url {workflow_key transition_key return_url}]"
    set role_edit_url "role-edit?[export_vars -url {workflow_key role_key return_url}]"

--- a/www/admin/workflow.adp
+++ b/www/admin/workflow.adp
@@ -3,6 +3,25 @@
 <property name="context">@context;noquote@</property>
 <property name="left_navbar">@left_navbar_html;noquote@</property>

+<script type='text/javascript' <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() {
+    var ref = document.getElementById('wf_delete_all_cases');
+    if (ref) ref.addEventListener('click', function() {
+	var msg = 'Are you sure that you want to delete all cases of this process?';
+	if (confirm(msg)) location.href='workflow-cases-delete?workflow_key=@workflow.workflow_key@'
+    });
+
+    var ref = document.getElementById('wf_delete_process_entire');
+    if (ref) ref.addEventListener('click', function() {
+	 var msg = "Are you sure you want to delete this business process definition?\n";
+	 msg = msg + "Doing so will delete all cases of this workflow.";
+	 if (confirm(msg)) location.href='workflow-delete?workflow_key=@workflow.workflow_key@'
+     });
+});
+</script>
+
+
+
 <!-- Tab bar -->
 <include src="workflow-tabs" tab="@tab;noquote@" workflow_key="@workflow_key;noquote@">

@@ -130,10 +149,9 @@
 		<tr bgcolor="#ffffff">
 		  <td>
 		    <if @workflow.num_cases@ gt 0>
-		      (<a href="javascript:if(confirm('Are you sure that you want to delete all cases of this process?'))location.href='workflow-cases-delete?workflow_key=@workflow.workflow_key@'">#acs-workflow.delete_all_cases#</a>) &nbsp;
+		      (<a id="wf_delete_all_cases" href="#">#acs-workflow.delete_all_cases#</a>) &nbsp;
 		    </if>
-		    (<a href="javascript:if(confirm('Are you sure you want to delete this business process definition?
-	Doing so will delete all cases of this workflow.'))location.href='workflow-delete?workflow_key=@workflow.workflow_key@'">#acs-workflow.lt_delete_process_entire#</a>)
+		    (<a id="wf_delete_process_entire" href="#">#acs-workflow.lt_delete_process_entire#</a>)
 		  </td>
 		</tr>
 	      </table>