appy.gen: added param 'maxChars' for any Type, allowing to limit the amount of data in user input fields. Wherever possible, it is implemented using HTML attribute 'maxlength'; on server-side, content that is bigger than specified by maxChars is truncated (i.e., where a 'maxlength' cannot be enforced, such as on HTML textareas); implemented a first protection against XSS attacks (JavaScript detection in user input).

Gaetan Delannay 2011-05-05 16:44:06 +02:00
parent 9e7ddcc771
commit bce384e2da
4 changed files with 92 additions and 60 deletions


@ -6,7 +6,8 @@
<tal:comment replace="nothing">Edit macro for an Float.</tal:comment>
<metal:edit define-macro="edit">
<input tal:attributes="id name; name name; size widget/width;
<input tal:define="maxChars python: test(widget['maxChars'], widget['maxChars'], '')"
tal:attributes="id name; name name; size widget/width; maxlength maxChars;
value python: test(inRequest, requestValue, value)" type="text"/>
</metal:edit>
@ -16,14 +17,15 @@
</metal:cell>
<tal:comment replace="nothing">Search macro for an Float.</tal:comment>
<metal:search define-macro="search">
<metal:search define-macro="search"
tal:define="maxChars python: test(widget['maxChars'], widget['maxChars'], '')">
<label tal:content="python: tool.translate(widget['labelId'])"></label><br>&nbsp;&nbsp;
<tal:from define="fromName python: '%s*float' % widgetName">
<label tal:attributes="for fromName" tal:content="python: tool.translate('search_from')"></label>
<input type="text" tal:attributes="name fromName" size="4"/>
<input type="text" tal:attributes="name fromName; maxlength maxChars" size="4"/>
</tal:from>
<tal:to define="toName python: '%s_to' % name">
<label tal:attributes="for toName" tal:content="python: tool.translate('search_to')"></label>
<input type="text" tal:attributes="name toName" size="4"/>
<input type="text" tal:attributes="name toName; maxlength maxChars" size="4"/>
</tal:to><br/>
</metal:search>
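Review bot: When `widget['maxChars']` is not set, the `tal:define` on the edit input and on the search macro falls back to `''`, so `tal:attributes="... maxlength maxChars"` renders `maxlength=""` instead of omitting the attribute; an empty `maxlength` is not a valid value and some browsers may treat it as 0, which would block input in the field. TAL drops an attribute whose expression evaluates to `None`, so the fallback should be `None` rather than `''`: `maxChars python: test(widget['maxChars'], widget['maxChars'], None)`. It would also help to note next to the attribute that `maxlength` is only a client-side hint and that the from/to search values still need a server-side bound, which this template cannot provide.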


@ -5,7 +5,8 @@
<tal:comment replace="nothing">Edit macro for an Integer.</tal:comment>
<metal:edit define-macro="edit">
<input tal:attributes="id name; name name; size widget/width;
<input tal:define="maxChars python: test(widget['maxChars'], widget['maxChars'], '')"
tal:attributes="id name; name name; size widget/width; maxlength maxChars;
value python: test(inRequest, requestValue, value)" type="text"/>
</metal:edit>
@ -15,14 +16,15 @@
</metal:cell>
<tal:comment replace="nothing">Search macro for an Integer.</tal:comment>
<metal:search define-macro="search">
<metal:search define-macro="search"
tal:define="maxChars python: test(widget['maxChars'], widget['maxChars'], '')">
<label tal:content="python: tool.translate(widget['labelId'])"></label><br>&nbsp;&nbsp;
<tal:from define="fromName python: '%s*int' % widgetName">
<label tal:attributes="for fromName" tal:content="python: tool.translate('search_from')"></label>
<input type="text" tal:attributes="name fromName" size="4"/>
<input type="text" tal:attributes="name fromName; maxlength maxChars" size="4"/>
</tal:from>
<tal:to define="toName python: '%s_to' % name">
<label tal:attributes="for toName" tal:content="python: tool.translate('search_to')"></label>
<input type="text" tal:attributes="name toName" size="4"/>
<input type="text" tal:attributes="name toName; maxlength maxChars" size="4"/>
</tal:to><br/>
</metal:search>
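Review bot: The `''` default in `test(widget['maxChars'], widget['maxChars'], '')` produces `maxlength=""` on the edit and search inputs whenever maxChars is unset, whereas a `None` default would make `tal:attributes` drop the attribute altogether; I would change both defines to `test(widget['maxChars'], widget['maxChars'], None)`. Note also that for an Integer field `maxChars` bounds the number of characters typed, not the numeric value, and a client-side `maxlength` is trivially bypassed, so it should not be relied on as a range check; a short comment saying so would keep a later maintainer from treating it as validation.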


@ -23,7 +23,8 @@
tal:define="fmt widget/format;
isSelect widget/isSelect;
isMaster widget/slaves;
isOneLine python: fmt in (0,3)">
isOneLine python: fmt in (0,3);
maxChars python: test(widget['maxChars'], widget['maxChars'], '')">
<tal:choice condition="isSelect">
<select tal:define="possibleValues python:contextObj.getPossibleValues(name, withTranslations=True, withBlankValue=True)"
@ -41,7 +42,7 @@
</select>
</tal:choice>
<tal:line condition="python: isOneLine and not isSelect">
<input tal:attributes="id name; name name; size widget/width;
<input tal:attributes="id name; name name; size widget/width; maxlength maxChars;
value python: test(inRequest, requestValue, value);
style python: 'text-transform:%s' % widget['transform'];
type python: (widget['format'] == 3) and 'password' or 'text'"/>
@ -53,8 +54,6 @@
style python: 'text-transform:%s' % widget['transform'];"
tal:content="python: test(inRequest, requestValue, value)">
</textarea>
<input type="hidden" value="text/plain" originalvalue="text/plain"
tal:attributes="name python: '%s_text_format' % name"/>
</tal:textarea>
<tal:rich condition="python: fmt == 2">
<tal:editor define="editor python: member.getProperty('wysiwyg_editor','').lower();
@ -84,7 +83,9 @@
<label tal:attributes="for widgetName" tal:content="python: tool.translate(widget['labelId'])"></label><br>&nbsp;&nbsp;
<tal:comment replace="nothing">Show a simple search field for most String fields.</tal:comment>
<tal:simpleSearch condition="not: widget/isSelect">
<input type="text" tal:attributes="name python: '%s*string-%s' % (widgetName, widget['transform']);
<input type="text" tal:define="maxChars python: test(widget['maxChars'], widget['maxChars'], '')"
tal:attributes="name python: '%s*string-%s' % (widgetName, widget['transform']);
maxlength maxChars;
style python: 'text-transform:%s' % widget['transform']"/>
</tal:simpleSearch>
<tal:comment replace="nothing">Show a multi-selection box for fields whose
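Review bot: The hunk at `-53,8 +54,6` removes the hidden `<name>_text_format` input that followed the textarea, a change unrelated to maxChars and not mentioned in the commit message; if any server-side code still reads that request key, text-format handling for fmt==1 fields changes silently, so either the removal should be called out or confirmed dead. The new `maxlength` on the one-line input (including the `password` case) and on the search field is a client-side hint only, and the textarea and rich-text branches get no limit at all, so the server-side truncation the commit describes is the only real bound; it would be worth a comment beside `maxlength maxChars` saying so. As with the other templates, the `''` fallback in the `maxChars` define yields `maxlength=""` when the parameter is unset; `None` would omit the attribute.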