Skip to Content

Changes for page Default Class Sheet

Last modified by Thomas Coelho (local) on 2023/08/09 10:59
From version 1.1
edited by Laura Sagunski
on 2022/09/27 12:39
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/14.6]
To version 3.1
edited by Thomas Coelho (local)
on 2023/02/24 19:45
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/14.10.3]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -xwiki:XWiki.sagunski
1 +xwiki:XWiki.coelho
Content
... ... @@ -91,10 +91,17 @@
91 91  
92 92   #set ($classEditorURL = $doc.getURL('edit', 'editor=class'))
93 93   #if($doc.getxWikiClass().properties.size() == 0)
94 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.properties.empty', [
95 - "{{html}}<a href='$classEditorURL'>",
96 - '</a>{{/html}}'
97 - ]){{/warning}}
94 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
95 + #set ($closeLink = '</a>')
96 + {{warning}}
97 + {{html}}
98 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
99 + ## escaped during the first escaping.
100 + #set ($warningMessage = $services.localization.render('platform.xclass.defaultClassSheet.properties.empty',
101 + ['__OPEN_LINK__', '__CLOSE_LINK__']))
102 + $escapetool.xml($warningMessage).replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink)
103 + {{/html}}
104 + {{/warning}}
98 98   #else
99 99   (% id="HClassProperties" %)
100 100   = {{translation key="platform.xclass.defaultClassSheet.properties.heading"/}} =
... ... @@ -101,10 +101,12 @@
101 101   #foreach($property in $doc.getxWikiClass().properties)
102 102   * $services.rendering.escape("$property.prettyName ($property.name: $xwiki.metaclass.get($property.classType).prettyName)", $xwiki.currentContentSyntaxId)
103 103   #end
104 - * //$services.localization.render('platform.xclass.defaultClassSheet.properties.edit', [
105 - "{{html}}<a href='$classEditorURL'>",
106 - '</a>{{/html}}'
107 - ])//
111 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
112 + #set ($closeLink = '</a>')
113 + #set ($warningMessage = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.properties.edit', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
114 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
115 + ## escaped during the first escaping.
116 + * //{{html}}$warningMessage.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink){{/html}}//
108 108  
109 109   #end
110 110   #if ($hasClassSheets && $hasClassTemplate)
... ... @@ -111,11 +111,16 @@
111 111   (% id="HCreatePage" %)
112 112   = {{translation key="platform.xclass.defaultClassSheet.createPage.heading"/}} =
113 113   #if("$!targetDocRef" != '' && $xwiki.exists($targetDocRef))
114 -
115 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', [
116 - '[[',
117 - ">>$services.model.serialize($targetDocRef)]]"
118 - ]){{/warning}}
123 + {{warning}}
124 + {{html}}
125 + #set ($targetDocLink = $xwiki.getURL($targetDocRef))
126 + #set ($openLink = "<a href='$escapetool.xml($targetDocLink)'>")
127 + #set ($message = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
128 + ## First escape the content of the translation, then replace the placeholders with content that would
129 + ## otherwise be escaped during the first escaping.
130 + $message.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', '</a>')
131 + {{/html}}
132 + {{/warning}}
119 119   #elseif("$!targetDocRef" != '')
120 120  
121 121   {{warning}}{{translation key="platform.xclass.defaultClassSheet.createPage.denied"/}}{{/warning}}
... ... @@ -123,10 +123,11 @@
123 123  
124 124   {{html}}
125 125   <form action="$doc.getURL()" id="newdoc" method="post" class="xform half">
140 + <fieldset>
126 126   <div class="hidden">
127 127   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
128 - <input type="hidden" name="parent" value="${defaultParent}"/>
129 - <input type="hidden" name="template" value="${classTemplateDoc}"/>
143 + <input type="hidden" name="parent" value="$escapetool.xml(${defaultParent})"/>
144 + <input type="hidden" name="template" value="$escapetool.xml(${classTemplateDoc})"/>
130 130   <input type="hidden" name="sheet" value="1"/>
131 131   </div>
132 132   #locationPicker({
... ... @@ -161,6 +161,7 @@
161 161   'platform.xclass.defaultClassSheet.createPage.label'))"/>
162 162   </span>
163 163   </p>
179 + </fieldset>
164 164   </form>
165 165   {{/html}}
166 166  
... ... @@ -179,8 +179,8 @@
179 179   id="classEntries"
180 180   properties="doc.title,doc.location,doc.date,doc.author,doc.objectCount,_actions"
181 181   source="liveTable"
182 - className="${doc.fullName}"
183 - sourceParameters="${escapetool.url($options)}"
198 + className="$services.rendering.escape(${doc.fullName}, 'xwiki/2.1')"
199 + sourceParameters="$services.rendering.escape($escapetool.url($options), 'xwiki/2.1')"
184 184   }}
185 185   {
186 186   "meta": {
... ... @@ -207,7 +207,13 @@
207 207   {{translation key="platform.xclass.defaultClassSheet.sheets.missing"/}}
208 208   #end
209 209  
210 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['//', '//']){{/info}}
226 + {{info}}
227 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['__START_EM__', '__END_EM__']))
228 + #set ($message = $escapetool.xml($message))
229 + ## First escape the content of the translation, then replace the placeholders with content that would
230 + ## otherwise be escaped during the first escaping.
231 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
232 + {{/info}}
211 211  
212 212   #if(!$hasClassSheets)
213 213   {{html}}
... ... @@ -214,8 +214,8 @@
214 214   <form action="$xwiki.getURL($defaultClassSheetReference, 'save', 'editor=wiki')" method="post">
215 215   <div>
216 216   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
217 - <input type="hidden" name="parent" value="${doc.fullName}"/>
218 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
239 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
240 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
219 219   #set ($sheetContent = $xwiki.getDocument('XWiki.ObjectSheet').getContent().replace('XWiki.MyClass',
220 220   $doc.fullName))
221 221   ## We have to encode the new line characters in order to preserve them, otherwise they are replace with a
... ... @@ -240,7 +240,9 @@
240 240   {{translation key="platform.xclass.defaultClassSheet.sheets.notBound"/}} ##
241 241   #if ($hasEdit)
242 242   {{html}}
243 - <a href="$bindURL">$services.localization.render('platform.xclass.defaultClassSheet.sheets.bind') »</a>.
265 + <a href="$escapetool.xml($bindURL)">##
266 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.sheets.bind')) »##
267 + </a>.
244 244   {{/html}}
245 245   #end
246 246   {{/warning}}
... ... @@ -252,7 +252,12 @@
252 252   #set($classSheetDoc = $xwiki.getDocument($classSheetReferences.get(0)))
253 253   #end
254 254   #set ($sheetPath = "#hierarchy($classSheetDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
255 - [[$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »>>${classSheetDoc.fullName}]]
279 + #set ($classSheetLink = "$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »")
280 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
281 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
282 + #set ($classSheetText = ${classSheetDoc.fullName})
283 + #set ($classSheetText = $services.rendering.escape($classSheetText, 'xwiki/2.1'))
284 + [[$classSheetLink>>$classSheetText]]
256 256   #else
257 257   {{translation key="platform.xclass.defaultClassSheet.sheets.list"/}}
258 258  
... ... @@ -265,17 +265,22 @@
265 265   (% id="HClassTemplate" %)
266 266   = {{translation key="platform.xclass.defaultClassSheet.template.heading"/}} =
267 267  
268 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.template.description',
269 - ['//', '//']){{/info}}
297 + {{info}}
298 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.description', ['__START_EM__', '__END_EM__']))
299 + #set ($message = $escapetool.xml($message))
300 + ## First escape the content of the translation, then replace the placeholders with content that would
301 + ## otherwise be escaped during the first escaping.
302 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
303 + {{/info}}
270 270  
271 271   #if (!$hasClassTemplate)
272 272   {{html}}
273 - <form action="$classTemplateDoc.getURL('save', 'editor=wiki')" method="post">
307 + <form action="$escapetool.xml($classTemplateDoc.getURL('save', 'editor=wiki'))" method="post">
274 274   <div>
275 275   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
276 - <input type="hidden" name="parent" value="${doc.fullName}"/>
277 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
278 - <input type="hidden" name="title" value="$className Template"/>
310 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
311 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
312 + <input type="hidden" name="title" value="$escapetool.xml($className) Template"/>
279 279   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
280 280   $services.localization.render('platform.xclass.defaultClassSheet.template.create'))"/></span>
281 281   </div>
... ... @@ -284,17 +284,30 @@
284 284   #else
285 285   #if(!$classTemplateDoc.getObject(${doc.fullName}))
286 286   #set($xredirect = $xwiki.relativeRequestURL)
287 - #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&amp;xredirect=${escapetool.url($xredirect)}&amp;form_token=$!{services.csrf.getToken()}"))
321 + #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&xredirect=${escapetool.url($xredirect)}&form_token=$!{services.csrf.getToken()}"))
288 288   {{warning}}
289 - $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ["//$className//"]) ##
290 - {{html}}<a href="$createUrl">$escapetool.xml($services.localization.render(
291 - 'platform.xclass.defaultClassSheet.template.addObject', [$className])) »</a>.{{/html}}
323 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ['__CLASS_NAME__']))
324 + #set ($message = $escapetool.xml($message))
325 + {{html}}
326 + ## First escape the content of the translation, then replace the placeholders with content that would
327 + ## otherwise be escaped during the first escaping.
328 + $message.replace('__CLASS_NAME__', "<em>$escapetool.xml($className)</em>")
329 + <a href="$escapetool.xml($createUrl)">##
330 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.template.addObject', [$className])) »##
331 + </a>.
332 + {{/html}}
292 292   {{/warning}}
293 293  
294 294   #end
295 295   #set ($templatePath = "#hierarchy($classTemplateDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
296 - [[$services.localization.render('platform.xclass.defaultClassSheet.template.view',
297 - [$templatePath.trim()]) »>>${classTemplateDoc.fullName}]]
337 + #set ($templateDocLink = "$services.localization.render('platform.xclass.defaultClassSheet.template.view', [$templatePath.trim()]) »")
338 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
339 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
340 + #set ($templateDocText = "${classTemplateDoc.fullName}")
341 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
342 + ## otherwise be escaped during the first escaping.
343 + #set ($templateDocText = $services.rendering.escape($templateDocText, 'xwiki/2.1'))
344 + [[$templateDocLink>>$templateDocText]]
298 298   #end
299 299   ## Create a template provider only if a template for the current class exists.
300 300   #if ($classTemplateDoc.getObject(${doc.fullName}))
... ... @@ -301,8 +301,14 @@
301 301   (% id="HClassTemplateProvider" %)
302 302   = {{translation key="platform.xclass.defaultClassSheet.templateProvider.heading"/}} =
303 303  
304 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description',
305 - ['//']){{/info}}
351 + {{info}}
352 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description', ['__EM__']))
353 + #set ($message = $services.rendering.escape($message, 'xwiki/2.1'))
354 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
355 + ## otherwise be escaped during the first escaping.
356 + ## The replacement key is itself escaped, and it's escaped form needs to be used for the replacement.
357 + $message.replace('~_~_~E~M~_~_', '//')
358 + {{/info}}
306 306  
307 307   #if (!$hasClassTemplateProvider)
308 308   #set ($templateProviderClassName = 'XWiki.TemplateProviderClass')
... ... @@ -322,12 +322,12 @@
322 322   "${templateProviderClassName}_visibilityRestrictions": $restrictionSpace}))
323 323   #set ($createUrl = $classTemplateProviderDoc.getURL('objectadd', $createUrlQueryString))
324 324   {{html}}
325 - <form action="$classTemplateProviderDoc.getURL('save', 'editor=wiki')" method="post">
378 + <form action="$escapetool.xml($classTemplateProviderDoc.getURL('save', 'editor=wiki'))" method="post">
326 326   <div>
327 327   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
328 - <input type="hidden" name="parent" value="${doc.fullName}"/>
329 - <input type="hidden" name="xredirect" value="$createUrl"/>
330 - <input type="hidden" name="title" value="$className Template Provider"/>
381 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
382 + <input type="hidden" name="xredirect" value="$escapetool.xml($createUrl)"/>
383 + <input type="hidden" name="title" value="$escapetool.xml($className) Template Provider"/>
331 331   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
332 332   $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.create'))"/></span>
333 333   </div>
... ... @@ -335,8 +335,11 @@
335 335   {{/html}}
336 336   #else
337 337   #set ($templateProviderPath = "#hierarchy($classTemplateProviderDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
338 - [[$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view',
339 - [$templateProviderPath.trim()]) »>>${classTemplateProviderDoc.fullName}]]
391 + #set ($linkTarget = "$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view', [$templateProviderPath.trim()]) »")
392 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
393 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
394 + #set ($linkLabel = $services.rendering.escape(${classTemplateProviderDoc.fullName}, 'xwiki/2.1'))
395 + [[$linkTarget>>$linkLabel]]
340 340   #end
341 341   #end
342 342