Index: lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/util/WikiConstants.java
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/util/WikiConstants.java,v
diff -u -r1.7 -r1.8
--- lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/util/WikiConstants.java 10 Mar 2012 09:57:43 -0000 1.7
+++ lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/util/WikiConstants.java 12 Mar 2012 20:34:38 -0000 1.8
@@ -64,7 +64,6 @@
public static final String ATTR_CONTENT_EDITAVLE = "contentEditable";
public static final String ATTR_MAIN_PAGE_TITLE = "mainPageTitle";
public static final String ATTR_IS_GROUPED_ACTIVITY = "isGroupedActivity";
- public static final String ATTR_REFRESH_PAGE = "doRefreshPage";
// Events
public static final String EVENT_NOTIFY_TEACHERS = "wikiNotifyTeachers";
@@ -74,4 +73,7 @@
public static final String PARAM_PARENT_PAGE = "parentPage";
static final String FILTER_REPLACE_TEXT = "***";
+
+ public static final String JAVASCRIPT_TOKEN = "javascript";
+ public static final String JAVASCRIPT_REPLACE_TOKEN = "JAVASCRIPTREPLACE";
}
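Review bot: JAVASCRIPT_REPLACE_TOKEN and JAVASCRIPT_TOKEN form a wire contract with client-side code that does not read them — wikiCommon.js hard-codes the same two literals in its regex — yet nothing on the constants says so, and a future rename on either side would silently leave the placeholder text in stored pages. Suggest a Javadoc above the pair: `/** Placeholder the client substitutes for the word "javascript" before posting the form (see replaceJavascriptToken() in wikiCommon.js); WikiPageAction.revertJavascriptTokenReplacement() maps it back, so the literal must stay identical on both sides. */`. It is also worth recording that any user text which legitimately contains the placeholder word is rewritten to "javascript" on the server, since the revert cannot distinguish the two.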
Index: lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/actions/WikiPageAction.java
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/actions/WikiPageAction.java,v
diff -u -r1.9 -r1.10
--- lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/actions/WikiPageAction.java 10 Mar 2012 09:57:24 -0000 1.9
+++ lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/actions/WikiPageAction.java 12 Mar 2012 20:34:38 -0000 1.10
@@ -110,6 +110,7 @@
// Set up the wiki form
WikiPageForm wikiForm = (WikiPageForm) form;
+ revertJavascriptTokenReplacement(wikiForm);
// Get the current wiki page
WikiPage currentPage = wikiService.getWikiPageByUid(currentPageUid);
@@ -153,9 +154,6 @@
}
- // LDEV-2824 Refresh page after loading, so Chrome does not disable new javascript code
- request.setAttribute(WikiConstants.ATTR_REFRESH_PAGE, true);
-
// Make sure the current page is set correctly then return to the wiki
return returnToWiki(mapping, wikiForm, request, response, currentPageUid);
}
@@ -357,6 +355,7 @@
// Set up the authoring form
WikiPageForm wikiForm = (WikiPageForm) form;
+ revertJavascriptTokenReplacement(wikiForm);
// get the wiki by either toolContentId or tool session
if (toolSessionID == null) {
@@ -397,9 +396,6 @@
if (toolSessionID != null && user != null) {
notifyWikiChange(toolSessionID, "notify.pageAdded.subject", "notify.pageAdded.body", user, request);
}
-
- // LDEV-2824 Refresh page after loading, so Chrome does not disable new javascript code
- request.setAttribute(WikiConstants.ATTR_REFRESH_PAGE, true);
// go to the new wiki page
return returnToWiki(mapping, wikiForm, request, response, currentPageUid);
@@ -559,4 +555,21 @@
subject, body);
}
}
+
+ /**
+ * Replaces codeword back to "javascript", so the content works correctly after displaying.
+ */
+ private void revertJavascriptTokenReplacement(WikiPageForm form) {
+ String encodedWikiBody = form.getNewPageWikiBody();
+ if (encodedWikiBody != null) {
+ form.setNewPageWikiBody(encodedWikiBody.replace(WikiConstants.JAVASCRIPT_REPLACE_TOKEN,
+ WikiConstants.JAVASCRIPT_TOKEN));
+ }
+
+ encodedWikiBody = form.getWikiBody();
+ if (encodedWikiBody != null) {
+ form.setWikiBody(encodedWikiBody.replace(WikiConstants.JAVASCRIPT_REPLACE_TOKEN,
+ WikiConstants.JAVASCRIPT_TOKEN));
+ }
+ }
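Review bot: revertJavascriptTokenReplacement restores the literal "javascript" in both wiki bodies before they are stored and later rendered, which works around the browser's reflected-XSS filter rather than addressing why it fired (the posted body is echoed back into the page). Unless the body is sanitised elsewhere before persistence — not visible here and worth confirming against wikiService — content carrying a `javascript:` URL or script-bearing attribute that the filter was blocking is now stored and served to everyone who views the page, which is the stored form of the same problem. The safer direction is to sanitise the HTML server-side (strip the `javascript:` scheme and event-handler attributes) and keep the token round-trip only for the prose case the comment describes; at minimum the Javadoc should state that this method re-introduces script-capable content and relies on downstream sanitisation. The two near-identical blocks could also collapse into a private `revertToken(String)` helper applied to both getters. The method this hunk follows starts outside the hunk; the closing brace here ends the class.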
}
Index: lams_tool_wiki/web/includes/javascript/authoring.js
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/includes/javascript/authoring.js,v
diff -u -r1.2 -r1.3
--- lams_tool_wiki/web/includes/javascript/authoring.js 10 Oct 2008 01:18:47 -0000 1.2
+++ lams_tool_wiki/web/includes/javascript/authoring.js 12 Mar 2012 20:34:38 -0000 1.3
@@ -25,12 +25,7 @@
finishButtonDiv.style.display = "block";
}
}
-function doSubmit(method) {
- document.authoringForm.dispatch.value = method;
- document.authoringForm.submit();
-}
function deleteAttachment(dispatch, uuid) {
- document.authoringForm.dispatch.value = dispatch;
document.authoringForm.deleteFileUuid.value = uuid;
- document.authoringForm.submit();
+ submitWiki(dispatch);
}
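Review bot: deleteAttachment now depends on `submitWiki`, which this file does not define — it comes from the including JSP (basic.jsp in this diff) — and it drops the explicit `document.authoringForm.dispatch.value` assignment in favour of whatever submitWiki sets through `getElementById("dispatch")`; any page that includes authoring.js without defining submitWiki, or whose dispatch field lacks that id, will throw here and the deletion is lost. Removing `doSubmit(method)` is likewise a breaking change for any JSP still calling it, which cannot be checked from this diff. A comment above the function, `// submitWiki() is provided by the including page (see basic.jsp)`, would at least record the dependency.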
Index: lams_tool_wiki/web/includes/javascript/monitoring.js
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/includes/javascript/monitoring.js,v
diff -u -r1.1 -r1.2
--- lams_tool_wiki/web/includes/javascript/monitoring.js 8 Oct 2008 05:33:01 -0000 1.1
+++ lams_tool_wiki/web/includes/javascript/monitoring.js 12 Mar 2012 20:34:38 -0000 1.2
@@ -8,9 +8,4 @@
}
function doSelectTab(tabId) {
selectTab(tabId);
-}
-function doSubmit(method, tabId) {
- document.monitoringForm.method.value = method;
- document.monitoringForm.submit();
-}
-
+}
\ No newline at end of file
Index: lams_tool_wiki/web/includes/javascript/wikiCommon.js
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/includes/javascript/wikiCommon.js,v
diff -u -r1.6 -r1.7
--- lams_tool_wiki/web/includes/javascript/wikiCommon.js 6 Oct 2010 10:16:46 -0000 1.6
+++ lams_tool_wiki/web/includes/javascript/wikiCommon.js 12 Mar 2012 20:34:38 -0000 1.7
@@ -88,3 +88,14 @@
wikiListImage.src = webUrl + "/images/tree_open.gif";
}
}
+
+// LDEV-2824 Replace "javascript" with another word before posting so browser does not detect it as XSS attack
+function replaceJavascriptToken()
+{
+ for (var instanceId in CKEDITOR.instances){
+ var instance = CKEDITOR.instances[instanceId];
+ var data = instance.getData();
+ var encodedData = data.replace(/javascript/g,"JAVASCRIPTREPLACE");
+ instance.setData(encodedData);
+ }
+}
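Review bot: The regex literal `/javascript/g` and the replacement `"JAVASCRIPTREPLACE"` duplicate WikiConstants.JAVASCRIPT_TOKEN / JAVASCRIPT_REPLACE_TOKEN on the server; if either side drifts the revert in WikiPageAction stops matching and pages are stored with the placeholder visible. Add `// must match WikiConstants.JAVASCRIPT_TOKEN / JAVASCRIPT_REPLACE_TOKEN (reverted in WikiPageAction.revertJavascriptTokenReplacement)` on the regex line, or emit the two values into the page from the constants. The comment's stated purpose — suppressing the browser's XSS detection — also deserves a sentence saying that the server is then responsible for sanitising the body, since the browser-side check no longer applies. Two smaller points: `setData` mutates the editor the user is looking at, so presumably a cancelled or failed submit leaves the placeholder on screen, and the `for…in` over CKEDITOR.instances would be safer with a `hasOwnProperty` guard.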
Index: lams_tool_wiki/web/pages/authoring/basic.jsp
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/pages/authoring/basic.jsp,v
diff -u -r1.10 -r1.11
--- lams_tool_wiki/web/pages/authoring/basic.jsp 6 Oct 2010 10:16:46 -0000 1.10
+++ lams_tool_wiki/web/pages/authoring/basic.jsp 12 Mar 2012 20:34:38 -0000 1.11
@@ -269,6 +269,7 @@
function submitWiki(dispatch)
{
document.getElementById("dispatch").value=dispatch;
+ replaceJavascriptToken();
document.getElementById("authoringForm").submit();
}
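Review bot: `replaceJavascriptToken()` runs unconditionally before the submit on the next line and reaches into the global `CKEDITOR`, so on a page where the editor script or wikiCommon.js is not loaded the call throws a ReferenceError and `submit()` never executes, silently breaking every dispatch through submitWiki. A guard such as `if (typeof CKEDITOR !== 'undefined') { replaceJavascriptToken(); }` keeps the form usable in that case. Whether every page that defines submitWiki also loads CKEditor is not visible in this diff. The identical hunks in wiki.jsp and wikiDisplay.jsp have the same issue.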
Index: lams_tool_wiki/web/pages/authoring/instructions.jsp
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/pages/authoring/Attic/instructions.jsp,v
diff -u -r1.1 -r1.2
--- lams_tool_wiki/web/pages/authoring/instructions.jsp 8 Oct 2008 05:33:00 -0000 1.1
+++ lams_tool_wiki/web/pages/authoring/instructions.jsp 12 Mar 2012 20:34:39 -0000 1.2
@@ -92,7 +92,7 @@
-
@@ -196,7 +196,7 @@
-
Index: lams_tool_wiki/web/pages/learning/wiki.jsp
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/pages/learning/wiki.jsp,v
diff -u -r1.19 -r1.20
--- lams_tool_wiki/web/pages/learning/wiki.jsp 10 Mar 2012 09:57:24 -0000 1.19
+++ lams_tool_wiki/web/pages/learning/wiki.jsp 12 Mar 2012 20:34:38 -0000 1.20
@@ -463,6 +463,7 @@
function submitWiki(dispatch)
{
document.getElementById("dispatch").value=dispatch;
+ replaceJavascriptToken();
document.getElementById("learningForm").submit();
}
@@ -494,10 +495,5 @@
window.location=url;
}
- var doRefreshPage = "${doRefreshPage}";
- if (doRefreshPage == "true"){
- refreshPage();
- }
-
-->
Index: lams_tool_wiki/web/pages/monitoring/wikiDisplay.jsp
===================================================================
RCS file: /usr/local/cvsroot/lams_tool_wiki/web/pages/monitoring/wikiDisplay.jsp,v
diff -u -r1.16 -r1.17
--- lams_tool_wiki/web/pages/monitoring/wikiDisplay.jsp 15 Feb 2011 20:37:59 -0000 1.16
+++ lams_tool_wiki/web/pages/monitoring/wikiDisplay.jsp 12 Mar 2012 20:34:38 -0000 1.17
@@ -363,6 +363,7 @@
function submitWiki(dispatch)
{
document.getElementById("dispatch").value=dispatch;
+ replaceJavascriptToken();
document.getElementById("monitoringForm").submit();
}