web/request.py
changeset 6564 ff9f7c566464
parent 6543 66145280a7e6
child 6581 4a3b264589dc
--- a/web/request.py	Wed Oct 20 15:40:03 2010 +0200
+++ b/web/request.py	Wed Oct 20 15:57:35 2010 +0200
@@ -46,6 +46,10 @@
 
 _MARKER = object()
 
+def build_cb_uid(seed):
+    sha = hashlib.sha1('%s%s%s' % (time.time(), seed, random.random()))
+    return 'cb_%s' % (sha.hexdigest())
+
 
 def list_form_param(form, param, pop=False):
     """get param from form parameters and return its value as a list,
@@ -382,10 +386,7 @@
         return "javascript: %s" % getattr(js, jsfunc)(cbname, *args)
 
     def register_onetime_callback(self, func, *args):
-        cbname = 'cb_%s' % (
-            hashlib.sha1('%s%s%s%s' % (time.time(), func.__name__,
-                                       random.random(),
-                                       self.user.login)).hexdigest())
+        cbname = build_cb_uid(func.__name__)
         def _cb(req):
             try:
                 ret = func(req, *args)
@@ -607,10 +608,17 @@
         Arbitrary extra named arguments may be given, they will be included as
         parameters of the generated url.
         """
+        # define a function in headers and use it in the link to avoid url
+        # unescaping pb: browsers give the js expression to the interpreter
+        # after having url unescaping the content. This may make appear some
+        # quote or other special characters that will break the js expression.
         extraparams.setdefault('fname', 'view')
         url = self.build_url('json', **extraparams)
-        return "javascript: $('#%s').%s; $.noop()" % (
-            nodeid, js.loadxhtml(url, None, 'get', replacemode))
+        cbname = build_cb_uid(url[:50])
+        jscode = 'function %s() { $("#%s").%s; }' % (
+            cbname, nodeid, js.loadxhtml(url, None, 'get', replacemode))
+        self.html_headers.add_post_inline_script(jscode)
+        return "javascript: %s()" % cbname
 
     # urls/path management ####################################################