6 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
6 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
7 """ |
7 """ |
8 __docformat__ = "restructuredtext en" |
8 __docformat__ = "restructuredtext en" |
9 |
9 |
10 from logilab.common import dictattr |
10 from logilab.common import dictattr |
11 from logilab.mtconverter import html_escape |
11 from logilab.mtconverter import xml_escape |
12 |
12 |
13 from simplejson import dumps |
13 from simplejson import dumps |
14 |
14 |
15 from cubicweb.common import tags |
15 from cubicweb.common import tags |
16 from cubicweb.appobject import AppRsetObject |
16 from cubicweb.appobject import AppRsetObject |
142 if form.action is None: |
142 if form.action is None: |
143 action = self.req.build_url('edit') |
143 action = self.req.build_url('edit') |
144 else: |
144 else: |
145 action = form.action |
145 action = form.action |
146 tag = ('<form action="%s" method="post" enctype="%s"' % ( |
146 tag = ('<form action="%s" method="post" enctype="%s"' % ( |
147 html_escape(action or '#'), enctype)) |
147 xml_escape(action or '#'), enctype)) |
148 if form.domid: |
148 if form.domid: |
149 tag += ' id="%s"' % form.domid |
149 tag += ' id="%s"' % form.domid |
150 if form.onsubmit: |
150 if form.onsubmit: |
151 tag += ' onsubmit="%s"' % html_escape(form.onsubmit % dictattr(form)) |
151 tag += ' onsubmit="%s"' % xml_escape(form.onsubmit % dictattr(form)) |
152 if form.cssstyle: |
152 if form.cssstyle: |
153 tag += ' style="%s"' % html_escape(form.cssstyle) |
153 tag += ' style="%s"' % xml_escape(form.cssstyle) |
154 if form.cssclass: |
154 if form.cssclass: |
155 tag += ' class="%s"' % html_escape(form.cssclass) |
155 tag += ' class="%s"' % xml_escape(form.cssclass) |
156 if form.cwtarget: |
156 if form.cwtarget: |
157 tag += ' cubicweb:target="%s"' % html_escape(form.cwtarget) |
157 tag += ' cubicweb:target="%s"' % xml_escape(form.cwtarget) |
158 return tag + '>' |
158 return tag + '>' |
159 |
159 |
160 def display_field(self, form, field): |
160 def display_field(self, form, field): |
161 if isinstance(field, HiddenInitialValueField): |
161 if isinstance(field, HiddenInitialValueField): |
162 field = field.visible_field |
162 field = field.visible_field |
296 def _render_fields(self, fields, w, form): |
296 def _render_fields(self, fields, w, form): |
297 if form.is_subform: |
297 if form.is_subform: |
298 entity = form.edited_entity |
298 entity = form.edited_entity |
299 values = form.form_previous_values |
299 values = form.form_previous_values |
300 qeid = eid_param('eid', entity.eid) |
300 qeid = eid_param('eid', entity.eid) |
301 cbsetstate = "setCheckboxesState2('eid', %s, 'checked')" % html_escape(dumps(entity.eid)) |
301 cbsetstate = "setCheckboxesState2('eid', %s, 'checked')" % xml_escape(dumps(entity.eid)) |
302 w(u'<tr class="%s">' % (entity.row % 2 and u'even' or u'odd')) |
302 w(u'<tr class="%s">' % (entity.row % 2 and u'even' or u'odd')) |
303 # XXX turn this into a widget used on the eid field |
303 # XXX turn this into a widget used on the eid field |
304 w(u'<td>%s</td>' % checkbox('eid', entity.eid, checked=qeid in values)) |
304 w(u'<td>%s</td>' % checkbox('eid', entity.eid, checked=qeid in values)) |
305 for field in fields: |
305 for field in fields: |
306 error = form.form_field_error(field) |
306 error = form.form_field_error(field) |
409 w(u'<th>%s</th>' % row[3]) |
409 w(u'<th>%s</th>' % row[3]) |
410 w(u'<td>') |
410 w(u'<td>') |
411 w(u'<a class="handle" title="%s" href="%s">[x]</a>' % |
411 w(u'<a class="handle" title="%s" href="%s">[x]</a>' % |
412 (_('cancel this insert'), row[2])) |
412 (_('cancel this insert'), row[2])) |
413 w(u'<a id="a%s" class="editionPending" href="%s">%s</a>' |
413 w(u'<a id="a%s" class="editionPending" href="%s">%s</a>' |
414 % (row[1], row[4], html_escape(row[5]))) |
414 % (row[1], row[4], xml_escape(row[5]))) |
415 w(u'</td>') |
415 w(u'</td>') |
416 w(u'</tr>') |
416 w(u'</tr>') |
417 w(u'<tr id="relationSelectorRow_%s" class="separator">' % eid) |
417 w(u'<tr id="relationSelectorRow_%s" class="separator">' % eid) |
418 w(u'<th class="labelCol">') |
418 w(u'<th class="labelCol">') |
419 w(u'<span>%s</span>' % _('add relation')) |
419 w(u'<span>%s</span>' % _('add relation')) |
420 w(u'<select id="relationSelector_%s" tabindex="%s" ' |
420 w(u'<select id="relationSelector_%s" tabindex="%s" ' |
421 'onchange="javascript:showMatchingSelect(this.options[this.selectedIndex].value,%s);">' |
421 'onchange="javascript:showMatchingSelect(this.options[this.selectedIndex].value,%s);">' |
422 % (eid, req.next_tabindex(), html_escape(dumps(eid)))) |
422 % (eid, req.next_tabindex(), xml_escape(dumps(eid)))) |
423 w(u'<option value="">%s</option>' % _('select a relation')) |
423 w(u'<option value="">%s</option>' % _('select a relation')) |
424 for i18nrtype, rschema, target in srels_by_cat: |
424 for i18nrtype, rschema, target in srels_by_cat: |
425 # more entities to link to |
425 # more entities to link to |
426 w(u'<option value="%s_%s">%s</option>' % (rschema, target, i18nrtype)) |
426 w(u'<option value="%s_%s">%s</option>' % (rschema, target, i18nrtype)) |
427 w(u'</select>') |
427 w(u'</select>') |