• last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Introduced missing ad_library statement at the beginning of file

- new conveniance function "template::add_event_listener"

- improve documentation on "template::add_confirm_handler"

- remove onclick and onkeypress inline scripts in list-procs

- bump version number to 5.9.1d7

  1. … 1 more file in changeset.
- renamve template::add_acs_confirm_handler into template::add_confirm_handler

  1. … 9 more files in changeset.
- generalize template::add_acs_confirm_handler to allow as well other event types, such as e.g. "submit"

  1. … 1 more file in changeset.
-Quoted sqared parenthesis in javascript giving problems to subst.

-Removed unnecessary call again to template::add_body_script

- added new function template::add_acs_confirm_handler for standardized confirm interactions ("are you sure") in order to get rid of onclick handlers

- bump version numbers to reflect dependencies

  1. … 1 more file in changeset.
- adding nonce values to script tags

  1. … 9 more files in changeset.
- add fallback for non CSP 2 compliant browsers for "head::add_script -script ..."

Removed dangerous catch idiom

Removed leftover count_query argument from template::paginator::create

- template::head::add_style: don't add identical entries multiple times

- avoid event bubbling for click listener

- add nonce to inline javascript

- make unsafe-inline optional in CSP for legacy browsers: add automatically "script-src 'unsafe-inline'" when scripted body_scripts are used

- add CSP nonce to script tags if nonce value is available

- turn function definition of acs_Focus() into a conditionally defined

body-script

- turn "body_event_handlers" into "window.addEventListener"

  1. … 4 more files in changeset.
- add support for W3C Subresource Integrity (SRI)

* For details about SRI, see https://www.w3.org/TR/SRI/

* Added arguments -crossorigin and -integrity

to the following functions

template::add_body_script

template::add_script

template::head::add_javascript

template::head::add_link

template::head::add_script

* Updated blank-master.adp

- some more cleanup:

* remove commented out code

* add missing argument documentation

(template::head::add_javascript)

* document arguments alphabetically

  1. … 3 more files in changeset.
- provide a better error message in case the request processor fails early

Prefer ns_quotehtml over ad_quotehtml, and quote fixing.

Value of within ad_quotehtml to avoid possible XSS attacks.

Added subst fixing acs_ListCheckAll variable substitutions not working.

- make daysInMonth more robust, when year contains leading zeros

improve demo example: www/doc/demo/form.tcl

- add second validator

- protect against runtime errors from duplicate user_ids

  1. … 1 more file in changeset.
- add csrf protection to demo apps and list templates with bulk actions

  1. … 6 more files in changeset.
- remove freshly introduced typo

- use subst for quoting to reduce backslashes

- fix contents of options (allow character entities)

- use ad_log for two more warnings

- improve warning message

- don't use dashes ("-") in namespaces

  1. … 7 more files in changeset.
- initialize variable ::template::util::richtext::editors for cases, where no richtext editor is registered