- Implemented CSP (Content Security Policy)

sql/postgresql/intranet-timesheet2-tasks-create.sql

@@ -647,7 +647,7 @@ insert into im_views (view_id, view_name, visible_for) values (910, 'im_timeshee
 
 insert into im_view_columns (column_id, view_id, group_id, column_name, column_render_tcl,
 extra_select, extra_where, sort_order, visible_for) values (91022,910,NULL, 
-'"<input type=checkbox name=_dummy onclick=acs_ListCheckAll(''tasks'',this.checked)>"',
+'"<input id=list_check_all type=checkbox name=_dummy>"',
 '"<input type=checkbox name=task_id.$task_id id=tasks,$task_id>"', '', '', -1, '');
 
 insert into im_view_columns (column_id, view_id, group_id, column_name, column_render_tcl,
@@ -762,11 +762,11 @@ insert into im_views (view_id, view_name, visible_for) values (911,
 delete from im_view_columns where column_id = 91112;
 insert into im_view_columns (column_id, view_id, group_id, column_name, column_render_tcl,
 extra_select, extra_where, sort_order, visible_for) values (91112,911,NULL, 
-'"<input type=checkbox name=_dummy onclick=acs_ListCheckAll(''tasks'',this.checked)>"',
+'"<input id=list_check_all type=checkbox name=_dummy"',
 '"<input type=checkbox name=task_id.$task_id id=tasks,$task_id>"', '', '', -1, '');
 
-'"[im_gif del "Delete"]"', 
-'"<input type=checkbox name=task_id.$task_id>"', '', '', -1, '');
+-- '"[im_gif del "Delete"]"', 
+-- '"<input type=checkbox name=task_id.$task_id>"', '', '', -1, '');
 
 -- insert into im_view_columns (column_id, view_id, group_id, column_name, column_render_tcl,
 -- extra_select, extra_where, sort_order, visible_for) values (91100,911,NULL,'"Project Nr"',

tcl/intranet-timesheet2-tasks-procs.tcl

@@ -744,11 +744,21 @@ ad_proc -public im_timesheet_task_list_component {
 	set task_id $project_id
 
 	if {$write} {
-	    set cal_picker_start_date "<input type=\"button\" style=\"height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');\" onclick =\"return showCalendar('start_date.$task_id', 'y-m-d');\" >"
-	    set start_date_input "<input name='start_date.$task_id' id='start_date.$task_id' size='10' type='text' value='[string range $start_date 0 9]'>$cal_picker_start_date"
-
-	    set cal_picker_end_date "<input type=\"button\" style=\"height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');\" onclick =\"return showCalendar('end_date.$task_id', 'y-m-d');\" >"
-	    set end_date_input "<input name='end_date.$task_id' id='end_date.$task_id' size='10' type='text' value='[string range $end_date 0 9]'>$cal_picker_end_date"
+	    set cal_picker_start_date "<input id=start_date_calendar.$task_id type=\"button\" style=\"height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');\" >"
+	    set cal_script_start_date "<script type=\"text/javascript\" nonce=\"[im_csp_nonce]\">
+		window.addEventListener('load', function() { 
+			document.getElementById('start_date_calendar.$task_id').addEventListener('click', function() { showCalendar('start_date.$task_id', 'y-m-d'); });
+		});
+		</script>\n"
+	    set start_date_input "<input name='start_date.$task_id' id='start_date.$task_id' size='10' type='text' value='[string range $start_date 0 9]'>$cal_picker_start_date $cal_script_start_date"
+
+	    set cal_picker_end_date "<input id=end_date_calendar.$task_id type=\"button\" style=\"height:20px; width:20px; background: url('/resources/acs-templating/calendar.gif');\" >"
+	    set cal_script_end_date "<script type=\"text/javascript\" nonce=\"[im_csp_nonce]\">
+		window.addEventListener('load', function() { 
+			document.getElementById('end_date_calendar.$task_id').addEventListener('click', function() { showCalendar('end_date.$task_id', 'y-m-d'); });
+		});
+		</script>\n"
+	    set end_date_input "<input name='end_date.$task_id' id='end_date.$task_id' size='10' type='text' value='[string range $end_date 0 9]'>$cal_picker_end_date $cal_script_end_date"
 	} else {
 	    set start_date_input [string range $start_date 0 9]
 	    set end_date_input [string range $end_date 0 9]
@@ -882,6 +892,13 @@ ad_proc -public im_timesheet_task_list_component {
     set project_id $restrict_to_project_id
 
     set component_html "
+
+    	<script type='text/javascript' nonce='$::__csp_nonce'>
+	window.addEventListener('load', function() { 
+	     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('tasks', this.checked) });
+	});
+	</script>
+
 	<form action=/intranet-timesheet2-tasks/task-action method=POST>
 	[export_vars -form {project_id return_url}]
 	<table bgcolor=white border=0 cellpadding=0 cellspacing=0 class=\"table_list_page\">

www/index.adp

@@ -10,5 +10,12 @@
 <property name="left_navbar">@left_navbar;literal@</property>
 <property name="show_context_help_p">@show_context_help_p;literal@</property>
 
+
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('tasks', this.checked) });
+});
+</script>
+
 @task_content;noquote@
 

www/new.adp

@@ -5,6 +5,14 @@
 <property name="focus">@focus;literal@</property>
 <property name="sub_navbar">@sub_navbar;literal@</property>
 
+<!-- Show calendar on start- and end-date -->
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('start_date_calendar').addEventListener('click', function() { showCalendarWithDateWidget('start_date', 'y-m-d'); });
+     document.getElementById('end_date_calendar').addEventListener('click', function() { showCalendarWithDateWidget('end_date', 'y-m-d'); });
+});
+</script>
+
 
 <if @message@ not nil>
   <div class="general-message">@message@</div>
@@ -39,7 +47,7 @@
   </tr>
 </table>
 
-<script type="text/javascript">
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
         var html_tag = document.getElementsByName('task_name')[0];
         html_tag.setAttribute('onBlur','set_project_nr();');
 function set_project_nr() {

www/new.tcl

@@ -292,8 +292,8 @@ if {1} {
     ad_form -extend -name task -form {
 	{percent_completed:float(text),optional {label "[_ intranet-timesheet2-tasks.Percentage_completed]"} {html {size 10}} {help_text $percentage_completed_help}}
 	{note:text(textarea),optional {label "[_ intranet-timesheet2-tasks.Note]"} {html {cols 40}}}
-	{start_date:date(date),optional {label "[_ intranet-timesheet2.Start_Date]"} {after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendarWithDateWidget('start_date', 'y-m-d');" >}} }
-	{end_date:date(date),optional {label "[_ intranet-timesheet2.End_Date]"} {after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendarWithDateWidget('end_date', 'y-m-d');" >}} }
+	{start_date:date(date),optional {label "[_ intranet-timesheet2.Start_Date]"} {after_html {<input id=start_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}} }
+	{end_date:date(date),optional {label "[_ intranet-timesheet2.End_Date]"} {after_html {<input id=end_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}} }
     }
 }