[rhmessaging-commits] rhmessaging commits: r3189 - mgmt/trunk/cumin/python/cumin.

[rhmessaging-commits at lists.jboss.org]

Author: eallen
Date: 2009-03-20 14:15:05 -0400 (Fri, 20 Mar 2009)
New Revision: 3189

Modified:
   mgmt/trunk/cumin/python/cumin/broker.py
   mgmt/trunk/cumin/python/cumin/broker.strings
Log:
Escaping user input fields to avoid problems with quotes.
Added <input type="hidden"...> for the More Entries button since button values don't get sent in a form submit unless the button type is submit.

Modified: mgmt/trunk/cumin/python/cumin/broker.py
===================================================================
--- mgmt/trunk/cumin/python/cumin/broker.py	2009-03-20 15:38:56 UTC (rev 3188)
+++ mgmt/trunk/cumin/python/cumin/broker.py	2009-03-20 18:15:05 UTC (rev 3189)
@@ -625,7 +625,7 @@
     def render_field_name_value(self, session, index):
         names = self.names.get(session)
         if len(names) > index:
-            return names[index]
+            return escape_entity(names[index])
 
     def render_field_name_errors(self, session, index):
         errors = self.name_errors.get(session)
@@ -639,7 +639,7 @@
     def render_field_address_value(self, session, index):
         addrs = self.addrs.get(session)
         if len(addrs) > index:
-            return addrs[index]
+            return escape_entity(addrs[index])
 
     def render_field_address_errors(self, session, index):
         errors = self.addr_errors.get(session)
@@ -674,20 +674,6 @@
         def render_content(self, session):
             return "More Entries"
 
-        def render_class(self, session):
-            return "more"
-
-        def render_type(self, session):
-            """ using type="button" so pressing
-            Enter on the form will not add more fields """
-            return "button"
-        
-        def render_onclick(self, session):
-            """ since this isn't a type="submit" button,
-            we need javascript to submit the form when
-            the button is clicked """
-            return "click_more"
-
 class BrokerSetAdd(BrokerSetForm):
     def process_cancel(self, session):
         branch = session.branch()

Modified: mgmt/trunk/cumin/python/cumin/broker.strings
===================================================================
--- mgmt/trunk/cumin/python/cumin/broker.strings	2009-03-20 15:38:56 UTC (rev 3188)
+++ mgmt/trunk/cumin/python/cumin/broker.strings	2009-03-20 18:15:05 UTC (rev 3189)
@@ -266,6 +266,9 @@
 }())
 </script>
 
+[MoreEntries.html]
+<input type="hidden" name="{name}" value="" />
+<button class="more" type="button" tabindex="{tab_index}" {disabled_attr} onclick="return click_more('{name}', '{value}')">{content}</button>
 
 [BrokerSetForm.field_html]
 <tr>