Skip to Content

Changes for page Default Class Sheet

Last modified by Thomas Coelho (local) on 2023/08/09 10:59
From version 2.1
edited by Thomas Coelho
on 2022/10/18 14:09
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/14.8]
To version 3.1
edited by Thomas Coelho (local)
on 2023/02/24 19:45
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/14.10.3]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -xwiki:XWiki.thw
1 +xwiki:XWiki.coelho
Content
... ... @@ -91,10 +91,17 @@
91 91  
92 92   #set ($classEditorURL = $doc.getURL('edit', 'editor=class'))
93 93   #if($doc.getxWikiClass().properties.size() == 0)
94 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.properties.empty', [
95 - "{{html}}<a href='$classEditorURL'>",
96 - '</a>{{/html}}'
97 - ]){{/warning}}
94 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
95 + #set ($closeLink = '</a>')
96 + {{warning}}
97 + {{html}}
98 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
99 + ## escaped during the first escaping.
100 + #set ($warningMessage = $services.localization.render('platform.xclass.defaultClassSheet.properties.empty',
101 + ['__OPEN_LINK__', '__CLOSE_LINK__']))
102 + $escapetool.xml($warningMessage).replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink)
103 + {{/html}}
104 + {{/warning}}
98 98   #else
99 99   (% id="HClassProperties" %)
100 100   = {{translation key="platform.xclass.defaultClassSheet.properties.heading"/}} =
... ... @@ -101,10 +101,12 @@
101 101   #foreach($property in $doc.getxWikiClass().properties)
102 102   * $services.rendering.escape("$property.prettyName ($property.name: $xwiki.metaclass.get($property.classType).prettyName)", $xwiki.currentContentSyntaxId)
103 103   #end
104 - * //$services.localization.render('platform.xclass.defaultClassSheet.properties.edit', [
105 - "{{html}}<a href='$classEditorURL'>",
106 - '</a>{{/html}}'
107 - ])//
111 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
112 + #set ($closeLink = '</a>')
113 + #set ($warningMessage = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.properties.edit', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
114 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
115 + ## escaped during the first escaping.
116 + * //{{html}}$warningMessage.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink){{/html}}//
108 108  
109 109   #end
110 110   #if ($hasClassSheets && $hasClassTemplate)
... ... @@ -111,11 +111,16 @@
111 111   (% id="HCreatePage" %)
112 112   = {{translation key="platform.xclass.defaultClassSheet.createPage.heading"/}} =
113 113   #if("$!targetDocRef" != '' && $xwiki.exists($targetDocRef))
114 -
115 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', [
116 - '[[',
117 - ">>$services.model.serialize($targetDocRef)]]"
118 - ]){{/warning}}
123 + {{warning}}
124 + {{html}}
125 + #set ($targetDocLink = $xwiki.getURL($targetDocRef))
126 + #set ($openLink = "<a href='$escapetool.xml($targetDocLink)'>")
127 + #set ($message = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
128 + ## First escape the content of the translation, then replace the placeholders with content that would
129 + ## otherwise be escaped during the first escaping.
130 + $message.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', '</a>')
131 + {{/html}}
132 + {{/warning}}
119 119   #elseif("$!targetDocRef" != '')
120 120  
121 121   {{warning}}{{translation key="platform.xclass.defaultClassSheet.createPage.denied"/}}{{/warning}}
... ... @@ -126,8 +126,8 @@
126 126   <fieldset>
127 127   <div class="hidden">
128 128   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
129 - <input type="hidden" name="parent" value="${defaultParent}"/>
130 - <input type="hidden" name="template" value="${classTemplateDoc}"/>
143 + <input type="hidden" name="parent" value="$escapetool.xml(${defaultParent})"/>
144 + <input type="hidden" name="template" value="$escapetool.xml(${classTemplateDoc})"/>
131 131   <input type="hidden" name="sheet" value="1"/>
132 132   </div>
133 133   #locationPicker({
... ... @@ -181,8 +181,8 @@
181 181   id="classEntries"
182 182   properties="doc.title,doc.location,doc.date,doc.author,doc.objectCount,_actions"
183 183   source="liveTable"
184 - className="${doc.fullName}"
185 - sourceParameters="${escapetool.url($options)}"
198 + className="$services.rendering.escape(${doc.fullName}, 'xwiki/2.1')"
199 + sourceParameters="$services.rendering.escape($escapetool.url($options), 'xwiki/2.1')"
186 186   }}
187 187   {
188 188   "meta": {
... ... @@ -209,7 +209,13 @@
209 209   {{translation key="platform.xclass.defaultClassSheet.sheets.missing"/}}
210 210   #end
211 211  
212 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['//', '//']){{/info}}
226 + {{info}}
227 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['__START_EM__', '__END_EM__']))
228 + #set ($message = $escapetool.xml($message))
229 + ## First escape the content of the translation, then replace the placeholders with content that would
230 + ## otherwise be escaped during the first escaping.
231 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
232 + {{/info}}
213 213  
214 214   #if(!$hasClassSheets)
215 215   {{html}}
... ... @@ -216,8 +216,8 @@
216 216   <form action="$xwiki.getURL($defaultClassSheetReference, 'save', 'editor=wiki')" method="post">
217 217   <div>
218 218   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
219 - <input type="hidden" name="parent" value="${doc.fullName}"/>
220 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
239 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
240 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
221 221   #set ($sheetContent = $xwiki.getDocument('XWiki.ObjectSheet').getContent().replace('XWiki.MyClass',
222 222   $doc.fullName))
223 223   ## We have to encode the new line characters in order to preserve them, otherwise they are replace with a
... ... @@ -242,7 +242,9 @@
242 242   {{translation key="platform.xclass.defaultClassSheet.sheets.notBound"/}} ##
243 243   #if ($hasEdit)
244 244   {{html}}
245 - <a href="$bindURL">$services.localization.render('platform.xclass.defaultClassSheet.sheets.bind') »</a>.
265 + <a href="$escapetool.xml($bindURL)">##
266 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.sheets.bind')) »##
267 + </a>.
246 246   {{/html}}
247 247   #end
248 248   {{/warning}}
... ... @@ -254,7 +254,12 @@
254 254   #set($classSheetDoc = $xwiki.getDocument($classSheetReferences.get(0)))
255 255   #end
256 256   #set ($sheetPath = "#hierarchy($classSheetDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
257 - [[$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »>>${classSheetDoc.fullName}]]
279 + #set ($classSheetLink = "$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »")
280 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
281 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
282 + #set ($classSheetText = ${classSheetDoc.fullName})
283 + #set ($classSheetText = $services.rendering.escape($classSheetText, 'xwiki/2.1'))
284 + [[$classSheetLink>>$classSheetText]]
258 258   #else
259 259   {{translation key="platform.xclass.defaultClassSheet.sheets.list"/}}
260 260  
... ... @@ -267,17 +267,22 @@
267 267   (% id="HClassTemplate" %)
268 268   = {{translation key="platform.xclass.defaultClassSheet.template.heading"/}} =
269 269  
270 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.template.description',
271 - ['//', '//']){{/info}}
297 + {{info}}
298 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.description', ['__START_EM__', '__END_EM__']))
299 + #set ($message = $escapetool.xml($message))
300 + ## First escape the content of the translation, then replace the placeholders with content that would
301 + ## otherwise be escaped during the first escaping.
302 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
303 + {{/info}}
272 272  
273 273   #if (!$hasClassTemplate)
274 274   {{html}}
275 - <form action="$classTemplateDoc.getURL('save', 'editor=wiki')" method="post">
307 + <form action="$escapetool.xml($classTemplateDoc.getURL('save', 'editor=wiki'))" method="post">
276 276   <div>
277 277   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
278 - <input type="hidden" name="parent" value="${doc.fullName}"/>
279 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
280 - <input type="hidden" name="title" value="$className Template"/>
310 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
311 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
312 + <input type="hidden" name="title" value="$escapetool.xml($className) Template"/>
281 281   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
282 282   $services.localization.render('platform.xclass.defaultClassSheet.template.create'))"/></span>
283 283   </div>
... ... @@ -286,17 +286,30 @@
286 286   #else
287 287   #if(!$classTemplateDoc.getObject(${doc.fullName}))
288 288   #set($xredirect = $xwiki.relativeRequestURL)
289 - #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&amp;xredirect=${escapetool.url($xredirect)}&amp;form_token=$!{services.csrf.getToken()}"))
321 + #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&xredirect=${escapetool.url($xredirect)}&form_token=$!{services.csrf.getToken()}"))
290 290   {{warning}}
291 - $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ["//$className//"]) ##
292 - {{html}}<a href="$createUrl">$escapetool.xml($services.localization.render(
293 - 'platform.xclass.defaultClassSheet.template.addObject', [$className])) »</a>.{{/html}}
323 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ['__CLASS_NAME__']))
324 + #set ($message = $escapetool.xml($message))
325 + {{html}}
326 + ## First escape the content of the translation, then replace the placeholders with content that would
327 + ## otherwise be escaped during the first escaping.
328 + $message.replace('__CLASS_NAME__', "<em>$escapetool.xml($className)</em>")
329 + <a href="$escapetool.xml($createUrl)">##
330 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.template.addObject', [$className])) »##
331 + </a>.
332 + {{/html}}
294 294   {{/warning}}
295 295  
296 296   #end
297 297   #set ($templatePath = "#hierarchy($classTemplateDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
298 - [[$services.localization.render('platform.xclass.defaultClassSheet.template.view',
299 - [$templatePath.trim()]) »>>${classTemplateDoc.fullName}]]
337 + #set ($templateDocLink = "$services.localization.render('platform.xclass.defaultClassSheet.template.view', [$templatePath.trim()]) »")
338 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
339 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
340 + #set ($templateDocText = "${classTemplateDoc.fullName}")
341 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
342 + ## otherwise be escaped during the first escaping.
343 + #set ($templateDocText = $services.rendering.escape($templateDocText, 'xwiki/2.1'))
344 + [[$templateDocLink>>$templateDocText]]
300 300   #end
301 301   ## Create a template provider only if a template for the current class exists.
302 302   #if ($classTemplateDoc.getObject(${doc.fullName}))
... ... @@ -303,8 +303,14 @@
303 303   (% id="HClassTemplateProvider" %)
304 304   = {{translation key="platform.xclass.defaultClassSheet.templateProvider.heading"/}} =
305 305  
306 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description',
307 - ['//']){{/info}}
351 + {{info}}
352 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description', ['__EM__']))
353 + #set ($message = $services.rendering.escape($message, 'xwiki/2.1'))
354 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
355 + ## otherwise be escaped during the first escaping.
356 + ## The replacement key is itself escaped, and it's escaped form needs to be used for the replacement.
357 + $message.replace('~_~_~E~M~_~_', '//')
358 + {{/info}}
308 308  
309 309   #if (!$hasClassTemplateProvider)
310 310   #set ($templateProviderClassName = 'XWiki.TemplateProviderClass')
... ... @@ -324,12 +324,12 @@
324 324   "${templateProviderClassName}_visibilityRestrictions": $restrictionSpace}))
325 325   #set ($createUrl = $classTemplateProviderDoc.getURL('objectadd', $createUrlQueryString))
326 326   {{html}}
327 - <form action="$classTemplateProviderDoc.getURL('save', 'editor=wiki')" method="post">
378 + <form action="$escapetool.xml($classTemplateProviderDoc.getURL('save', 'editor=wiki'))" method="post">
328 328   <div>
329 329   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
330 - <input type="hidden" name="parent" value="${doc.fullName}"/>
331 - <input type="hidden" name="xredirect" value="$createUrl"/>
332 - <input type="hidden" name="title" value="$className Template Provider"/>
381 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
382 + <input type="hidden" name="xredirect" value="$escapetool.xml($createUrl)"/>
383 + <input type="hidden" name="title" value="$escapetool.xml($className) Template Provider"/>
333 333   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
334 334   $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.create'))"/></span>
335 335   </div>
... ... @@ -337,8 +337,11 @@
337 337   {{/html}}
338 338   #else
339 339   #set ($templateProviderPath = "#hierarchy($classTemplateProviderDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
340 - [[$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view',
341 - [$templateProviderPath.trim()]) »>>${classTemplateProviderDoc.fullName}]]
391 + #set ($linkTarget = "$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view', [$templateProviderPath.trim()]) »")
392 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
393 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
394 + #set ($linkLabel = $services.rendering.escape(${classTemplateProviderDoc.fullName}, 'xwiki/2.1'))
395 + [[$linkTarget>>$linkLabel]]
342 342   #end
343 343   #end
344 344