Use data-attribute for js-data to avoid getting data encoded

None of the methods to get the content of a DOM element (`.innerHTML`, `.innerText`, ...) return the content unchanged as it went over the wire. Using a data-attribute we can achieve that and need not to worry anymore about which solution will encode which value and thus break a feature.
roundcube · Jul 9, 2024 · e8036cf · e8036cf
1 parent 35d0bf7
commit e8036cf
Show file tree

Hide file tree

Showing 11 changed files with 13 additions and 13 deletions.
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
@@ -1982,7 +1982,7 @@ protected function _write($output = '')
             $page_header .= array_reduce((array) $this->script_files['head_bottom'], $merge_script_files);
         }
 
-        $page_footer .= html::div(['id' => 'js-data', 'style' => 'display: none', 'hidden' => true], $this->get_js_commands());
+        $page_footer .= html::div(['id' => 'js-data', 'style' => 'display: none', 'hidden' => true, 'data-js' => $this->get_js_commands()], '');
 
         $page_footer .= $this->footer . "\n";
 

diff --git a/program/js/app.js b/program/js/app.js
@@ -807,7 +807,7 @@ function rcube_webmail() {
     this.interpret_js_data = function () {
         // Do not use `.textContent`, and neither jQuery's `.text()` here,
         // because both modify the actual string!
-        var raw = $('#js-data').html();
+        var raw = document.getElementById('js-data').dataset.js;
         if (!raw) {
             return;
         }

diff --git a/tests/Actions/Contacts/EditTest.php b/tests/Actions/Contacts/EditTest.php
@@ -40,7 +40,7 @@ public function test_run_edit_mode()
         $this->assertSame('Edit contact', $output->getProperty('pagetitle'));
         $this->assertSame($contact['contact_id'], $output->get_env('cid'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","contactphoto","contactpic"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","contactphoto","contactpic"]')) !== false);
     }
 
     /**

diff --git a/tests/Actions/Contacts/ImportTest.php b/tests/Actions/Contacts/ImportTest.php
@@ -32,7 +32,7 @@ public function test_run_init()
         $this->assertSame('contactimport', $output->template);
         $this->assertSame('Import contacts', $output->getProperty('pagetitle'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","importform","rcmImportForm"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","importform","rcmImportForm"]')) !== false);
     }
 
     /**

diff --git a/tests/Actions/Settings/FolderCreateTest.php b/tests/Actions/Settings/FolderCreateTest.php
@@ -50,6 +50,6 @@ public function test_run()
         $this->assertSame('folderedit', $output->template);
         $this->assertSame('', $output->getProperty('pagetitle')); // TODO: It should have some title
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
     }
 }
diff --git a/tests/Actions/Settings/FolderSaveTest.php b/tests/Actions/Settings/FolderSaveTest.php
@@ -40,9 +40,9 @@ public function test_new_folder()
 
         $this->assertSame('iframe', $output->template);
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["parent.display_message","Folder created successfully.","confirmation",0]') !== false);
-        $this->assertTrue(strpos($result, '["parent.add_folder_row","NewTest",') !== false);
-        $this->assertTrue(strpos($result, '["parent.subscription_select"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["parent.display_message","Folder created successfully.","confirmation",0]')) !== false);
+        $this->assertTrue(strpos($result, htmlentities('["parent.add_folder_row","NewTest",')) !== false);
+        $this->assertTrue(strpos($result, htmlentities('["parent.subscription_select"]')) !== false);
     }
 
     /**

diff --git a/tests/Actions/Settings/IdentityCreateTest.php b/tests/Actions/Settings/IdentityCreateTest.php
@@ -28,6 +28,6 @@ public function test_run()
         $this->assertSame('identityedit', $output->template);
         $this->assertSame('Add identity', $output->getProperty('pagetitle'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
     }
 }
diff --git a/tests/Actions/Settings/IdentityEditTest.php b/tests/Actions/Settings/IdentityEditTest.php
@@ -37,7 +37,7 @@ public function test_run()
         $this->assertSame('Edit identity', $output->getProperty('pagetitle'));
         $this->assertSame($identity['identity_id'], $output->get_env('iid'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
         $this->assertTrue(strpos($result, '[email protected]') !== false);
 
         // TODO: Test error handling

diff --git a/tests/Actions/Settings/PrefsEditTest.php b/tests/Actions/Settings/PrefsEditTest.php
@@ -30,6 +30,6 @@ public function test_run()
         $this->assertSame('settingsedit', $output->template);
         $this->assertSame('Preferences', $output->getProperty('pagetitle'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
     }
 }
diff --git a/tests/Actions/Settings/ResponseCreateTest.php b/tests/Actions/Settings/ResponseCreateTest.php
@@ -31,6 +31,6 @@ public function test_run()
         $this->assertSame('Add response', $output->getProperty('pagetitle'));
         $this->assertFalse($output->get_env('readonly'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
     }
 }
diff --git a/tests/Actions/Settings/ResponseEditTest.php b/tests/Actions/Settings/ResponseEditTest.php
@@ -43,7 +43,7 @@ public function test_run()
         $this->assertSame('Edit response', $output->getProperty('pagetitle'));
         $this->assertTrue($output->get_env('readonly'));
         $this->assertTrue(stripos($result, '<!DOCTYPE html>') === 0);
-        $this->assertTrue(strpos($result, '["gui_object","editform","form"]') !== false);
+        $this->assertTrue(strpos($result, htmlentities('["gui_object","editform","form"]')) !== false);
         $this->assertTrue(strpos($result, 'tinymce.min.js') !== false);
         $this->assertTrue(strpos($result, 'Static Response One</textarea>') !== false);