--- a/web/request.py Wed Oct 20 15:40:03 2010 +0200
+++ b/web/request.py Wed Oct 20 15:57:35 2010 +0200
@@ -46,6 +46,10 @@
_MARKER = object()
+def build_cb_uid(seed):
+ sha = hashlib.sha1('%s%s%s' % (time.time(), seed, random.random()))
+ return 'cb_%s' % (sha.hexdigest())
+
def list_form_param(form, param, pop=False):
"""get param from form parameters and return its value as a list,
@@ -382,10 +386,7 @@
return "javascript: %s" % getattr(js, jsfunc)(cbname, *args)
def register_onetime_callback(self, func, *args):
- cbname = 'cb_%s' % (
- hashlib.sha1('%s%s%s%s' % (time.time(), func.__name__,
- random.random(),
- self.user.login)).hexdigest())
+ cbname = build_cb_uid(func.__name__)
def _cb(req):
try:
ret = func(req, *args)
@@ -607,10 +608,17 @@
Arbitrary extra named arguments may be given, they will be included as
parameters of the generated url.
"""
+ # define a function in headers and use it in the link to avoid url
+ # unescaping pb: browsers give the js expression to the interpreter
+ # after having url unescaping the content. This may make appear some
+ # quote or other special characters that will break the js expression.
extraparams.setdefault('fname', 'view')
url = self.build_url('json', **extraparams)
- return "javascript: $('#%s').%s; $.noop()" % (
- nodeid, js.loadxhtml(url, None, 'get', replacemode))
+ cbname = build_cb_uid(url[:50])
+ jscode = 'function %s() { $("#%s").%s; }' % (
+ cbname, nodeid, js.loadxhtml(url, None, 'get', replacemode))
+ self.html_headers.add_post_inline_script(jscode)
+ return "javascript: %s()" % cbname
# urls/path management ####################################################