10 |
10 |
11 from copy import copy |
11 from copy import copy |
12 |
12 |
13 from simplejson import dumps |
13 from simplejson import dumps |
14 |
14 |
15 from logilab.mtconverter import html_escape |
15 from logilab.mtconverter import xml_escape |
16 from logilab.common.decorators import cached |
16 from logilab.common.decorators import cached |
17 |
17 |
18 from cubicweb.selectors import (specified_etype_implements, accepts_etype_compat, |
18 from cubicweb.selectors import (specified_etype_implements, accepts_etype_compat, |
19 non_final_entity, match_kwargs, one_line_rset) |
19 non_final_entity, match_kwargs, one_line_rset) |
20 from cubicweb.view import View, EntityView |
20 from cubicweb.view import View, EntityView |
146 |
146 |
147 def base_form(self, entity, kwargs): |
147 def base_form(self, entity, kwargs): |
148 output = [] |
148 output = [] |
149 for name, value, iid in self._hiddens: |
149 for name, value, iid in self._hiddens: |
150 if isinstance(value, basestring): |
150 if isinstance(value, basestring): |
151 value = html_escape(value) |
151 value = xml_escape(value) |
152 if iid: |
152 if iid: |
153 output.append(u'<input id="%s" type="hidden" name="%s" value="%s" />' |
153 output.append(u'<input id="%s" type="hidden" name="%s" value="%s" />' |
154 % (iid, name, value)) |
154 % (iid, name, value)) |
155 else: |
155 else: |
156 output.append(u'<input type="hidden" name="%s" value="%s" />' |
156 output.append(u'<input type="hidden" name="%s" value="%s" />' |
247 w(u'<th>%s</th>' % row[3]) |
247 w(u'<th>%s</th>' % row[3]) |
248 w(u'<td>') |
248 w(u'<td>') |
249 w(u'<a class="handle" title="%s" href="%s">[x]</a>' % |
249 w(u'<a class="handle" title="%s" href="%s">[x]</a>' % |
250 (_('cancel this insert'), row[2])) |
250 (_('cancel this insert'), row[2])) |
251 w(u'<a id="a%s" class="editionPending" href="%s">%s</a>' |
251 w(u'<a id="a%s" class="editionPending" href="%s">%s</a>' |
252 % (row[1], row[4], html_escape(row[5]))) |
252 % (row[1], row[4], xml_escape(row[5]))) |
253 w(u'</td>') |
253 w(u'</td>') |
254 w(u'</tr>') |
254 w(u'</tr>') |
255 w(u'<tr id="relationSelectorRow_%s" class="separator">' % eid) |
255 w(u'<tr id="relationSelectorRow_%s" class="separator">' % eid) |
256 w(u'<th class="labelCol">') |
256 w(u'<th class="labelCol">') |
257 w(u'<span>%s</span>' % _('add relation')) |
257 w(u'<span>%s</span>' % _('add relation')) |
258 w(u'<select id="relationSelector_%s" tabindex="%s" onchange="javascript:showMatchingSelect(this.options[this.selectedIndex].value,%s);">' |
258 w(u'<select id="relationSelector_%s" tabindex="%s" onchange="javascript:showMatchingSelect(this.options[this.selectedIndex].value,%s);">' |
259 % (eid, req.next_tabindex(), html_escape(dumps(eid)))) |
259 % (eid, req.next_tabindex(), xml_escape(dumps(eid)))) |
260 w(u'<option value="">%s</option>' % _('select a relation')) |
260 w(u'<option value="">%s</option>' % _('select a relation')) |
261 for i18nrtype, rschema, target in srels_by_cat: |
261 for i18nrtype, rschema, target in srels_by_cat: |
262 # more entities to link to |
262 # more entities to link to |
263 w(u'<option value="%s_%s">%s</option>' % (rschema, target, i18nrtype)) |
263 w(u'<option value="%s_%s">%s</option>' % (rschema, target, i18nrtype)) |
264 w(u'</select>') |
264 w(u'</select>') |
549 for rdef in sampleentity.relations_by_category('primary', 'add') |
549 for rdef in sampleentity.relations_by_category('primary', 'add') |
550 if rdef[0].type != 'eid'] |
550 if rdef[0].type != 'eid'] |
551 ctx = {'action' : self.build_url('edit'), |
551 ctx = {'action' : self.build_url('edit'), |
552 'error': self.error_message(), |
552 'error': self.error_message(), |
553 'progress': _('validating...'), |
553 'progress': _('validating...'), |
554 'url': html_escape(req.url()), |
554 'url': xml_escape(req.url()), |
555 'formid': self.id, |
555 'formid': self.id, |
556 'redirectvid': html_escape(form.get('__redirectvid', 'list')), |
556 'redirectvid': xml_escape(form.get('__redirectvid', 'list')), |
557 'redirectrql': html_escape(form.get('__redirectrql', self.rset.printable_rql())), |
557 'redirectrql': xml_escape(form.get('__redirectrql', self.rset.printable_rql())), |
558 'attrheaders': u'\n'.join(attrheaders), |
558 'attrheaders': u'\n'.join(attrheaders), |
559 'lines': u'\n'.join(self.edit_form(ent) for ent in self.rset.entities()), |
559 'lines': u'\n'.join(self.edit_form(ent) for ent in self.rset.entities()), |
560 'okvalue': _('button_ok').capitalize(), |
560 'okvalue': _('button_ok').capitalize(), |
561 'oktitle': _('validate modifications on selected items').capitalize(), |
561 'oktitle': _('validate modifications on selected items').capitalize(), |
562 'cancelvalue': _('button_reset').capitalize(), |
562 'cancelvalue': _('button_reset').capitalize(), |
581 % (checkbox('eid', eid, checked=checked), eid, entity.e_schema)) |
581 % (checkbox('eid', eid, checked=checked), eid, entity.e_schema)) |
582 # attribute relations (skip eid which is handled by the checkbox |
582 # attribute relations (skip eid which is handled by the checkbox |
583 wdg = entity.get_widget |
583 wdg = entity.get_widget |
584 wdgfactories = [wdg(rschema, x) for rschema, _, x in entity.relations_by_category('primary', 'add') |
584 wdgfactories = [wdg(rschema, x) for rschema, _, x in entity.relations_by_category('primary', 'add') |
585 if rschema.type != 'eid'] # XXX both (add, delete) |
585 if rschema.type != 'eid'] # XXX both (add, delete) |
586 seid = html_escape(dumps(eid)) |
586 seid = xml_escape(dumps(eid)) |
587 for wobj in wdgfactories: |
587 for wobj in wdgfactories: |
588 if isinstance(wobj, ComboBoxWidget): |
588 if isinstance(wobj, ComboBoxWidget): |
589 wobj.attrs['onchange'] = "setCheckboxesState2('eid', %s, 'checked')" % seid |
589 wobj.attrs['onchange'] = "setCheckboxesState2('eid', %s, 'checked')" % seid |
590 elif isinstance(wobj, InputWidget): |
590 elif isinstance(wobj, InputWidget): |
591 wobj.attrs['onkeypress'] = "setCheckboxesState2('eid', %s, 'checked')" % seid |
591 wobj.attrs['onkeypress'] = "setCheckboxesState2('eid', %s, 'checked')" % seid |