From e8036cf69aefd2ff8e2941452f6abe7d53f056ab Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 9 Jul 2024 18:04:40 +0200 Subject: [PATCH] Use data-attribute for js-data to avoid getting data encoded None of the methods to get the content of a DOM element (`.innerHTML`, `.innerText`, ...) return the content unchanged as it went over the wire. Using a data-attribute we can achieve that and need not to worry anymore about which solution will encode which value and thus break a feature. --- program/include/rcmail_output_html.php | 2 +- program/js/app.js | 2 +- tests/Actions/Contacts/EditTest.php | 2 +- tests/Actions/Contacts/ImportTest.php | 2 +- tests/Actions/Settings/FolderCreateTest.php | 2 +- tests/Actions/Settings/FolderSaveTest.php | 6 +++--- tests/Actions/Settings/IdentityCreateTest.php | 2 +- tests/Actions/Settings/IdentityEditTest.php | 2 +- tests/Actions/Settings/PrefsEditTest.php | 2 +- tests/Actions/Settings/ResponseCreateTest.php | 2 +- tests/Actions/Settings/ResponseEditTest.php | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php index c2de9969e38..470f74bd4bd 100644 --- a/program/include/rcmail_output_html.php +++ b/program/include/rcmail_output_html.php @@ -1982,7 +1982,7 @@ protected function _write($output = '') $page_header .= array_reduce((array) $this->script_files['head_bottom'], $merge_script_files); } - $page_footer .= html::div(['id' => 'js-data', 'style' => 'display: none', 'hidden' => true], $this->get_js_commands()); + $page_footer .= html::div(['id' => 'js-data', 'style' => 'display: none', 'hidden' => true, 'data-js' => $this->get_js_commands()], ''); $page_footer .= $this->footer . "\n"; diff --git a/program/js/app.js b/program/js/app.js index c4698d6ae73..ed30c5b738b 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -807,7 +807,7 @@ function rcube_webmail() { this.interpret_js_data = function () { // Do not use `.textContent`, and neither jQuery's `.text()` here, // because both modify the actual string! - var raw = $('#js-data').html(); + var raw = document.getElementById('js-data').dataset.js; if (!raw) { return; } diff --git a/tests/Actions/Contacts/EditTest.php b/tests/Actions/Contacts/EditTest.php index f65981fa640..a7b08e351f1 100644 --- a/tests/Actions/Contacts/EditTest.php +++ b/tests/Actions/Contacts/EditTest.php @@ -40,7 +40,7 @@ public function test_run_edit_mode() $this->assertSame('Edit contact', $output->getProperty('pagetitle')); $this->assertSame($contact['contact_id'], $output->get_env('cid')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","contactphoto","contactpic"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","contactphoto","contactpic"]')) !== false); } /** diff --git a/tests/Actions/Contacts/ImportTest.php b/tests/Actions/Contacts/ImportTest.php index fadfc2b556e..c9a1f5cb4b2 100644 --- a/tests/Actions/Contacts/ImportTest.php +++ b/tests/Actions/Contacts/ImportTest.php @@ -32,7 +32,7 @@ public function test_run_init() $this->assertSame('contactimport', $output->template); $this->assertSame('Import contacts', $output->getProperty('pagetitle')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","importform","rcmImportForm"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","importform","rcmImportForm"]')) !== false); } /** diff --git a/tests/Actions/Settings/FolderCreateTest.php b/tests/Actions/Settings/FolderCreateTest.php index a94b70d74d0..5c196d76fb5 100644 --- a/tests/Actions/Settings/FolderCreateTest.php +++ b/tests/Actions/Settings/FolderCreateTest.php @@ -50,6 +50,6 @@ public function test_run() $this->assertSame('folderedit', $output->template); $this->assertSame('', $output->getProperty('pagetitle')); // TODO: It should have some title $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); } } diff --git a/tests/Actions/Settings/FolderSaveTest.php b/tests/Actions/Settings/FolderSaveTest.php index 0a4eabbf3ec..ddb49df1ac4 100644 --- a/tests/Actions/Settings/FolderSaveTest.php +++ b/tests/Actions/Settings/FolderSaveTest.php @@ -40,9 +40,9 @@ public function test_new_folder() $this->assertSame('iframe', $output->template); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["parent.display_message","Folder created successfully.","confirmation",0]') !== false); - $this->assertTrue(strpos($result, '["parent.add_folder_row","NewTest",') !== false); - $this->assertTrue(strpos($result, '["parent.subscription_select"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["parent.display_message","Folder created successfully.","confirmation",0]')) !== false); + $this->assertTrue(strpos($result, htmlentities('["parent.add_folder_row","NewTest",')) !== false); + $this->assertTrue(strpos($result, htmlentities('["parent.subscription_select"]')) !== false); } /** diff --git a/tests/Actions/Settings/IdentityCreateTest.php b/tests/Actions/Settings/IdentityCreateTest.php index 29d272d1832..26518b2ff77 100644 --- a/tests/Actions/Settings/IdentityCreateTest.php +++ b/tests/Actions/Settings/IdentityCreateTest.php @@ -28,6 +28,6 @@ public function test_run() $this->assertSame('identityedit', $output->template); $this->assertSame('Add identity', $output->getProperty('pagetitle')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); } } diff --git a/tests/Actions/Settings/IdentityEditTest.php b/tests/Actions/Settings/IdentityEditTest.php index ab5509c9f5c..805a98df8a9 100644 --- a/tests/Actions/Settings/IdentityEditTest.php +++ b/tests/Actions/Settings/IdentityEditTest.php @@ -37,7 +37,7 @@ public function test_run() $this->assertSame('Edit identity', $output->getProperty('pagetitle')); $this->assertSame($identity['identity_id'], $output->get_env('iid')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); $this->assertTrue(strpos($result, 'test@example.com') !== false); // TODO: Test error handling diff --git a/tests/Actions/Settings/PrefsEditTest.php b/tests/Actions/Settings/PrefsEditTest.php index 3f1a706d096..71339816f25 100644 --- a/tests/Actions/Settings/PrefsEditTest.php +++ b/tests/Actions/Settings/PrefsEditTest.php @@ -30,6 +30,6 @@ public function test_run() $this->assertSame('settingsedit', $output->template); $this->assertSame('Preferences', $output->getProperty('pagetitle')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); } } diff --git a/tests/Actions/Settings/ResponseCreateTest.php b/tests/Actions/Settings/ResponseCreateTest.php index d39caa74416..0f25868e78f 100644 --- a/tests/Actions/Settings/ResponseCreateTest.php +++ b/tests/Actions/Settings/ResponseCreateTest.php @@ -31,6 +31,6 @@ public function test_run() $this->assertSame('Add response', $output->getProperty('pagetitle')); $this->assertFalse($output->get_env('readonly')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); } } diff --git a/tests/Actions/Settings/ResponseEditTest.php b/tests/Actions/Settings/ResponseEditTest.php index 953018f361a..2dcab5c7f91 100644 --- a/tests/Actions/Settings/ResponseEditTest.php +++ b/tests/Actions/Settings/ResponseEditTest.php @@ -43,7 +43,7 @@ public function test_run() $this->assertSame('Edit response', $output->getProperty('pagetitle')); $this->assertTrue($output->get_env('readonly')); $this->assertTrue(stripos($result, '') === 0); - $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false); + $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false); $this->assertTrue(strpos($result, 'tinymce.min.js') !== false); $this->assertTrue(strpos($result, 'Static Response One') !== false);