This issue has been created
 
 
XWiki Platform / cid:jira-generated-image-avatar-92fc9237-39f6-4378-99f4-6a2eb1905a75 XWIKI-22267 Open

Velocity content not processed in inline javascript of access rights pages throughout XWiki platform
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-d99c3275-063e-4cfc-a7ba-a1da51a2994d JP Kleijn created this issue on 15/Jun/24 12:14
 
Summary: Velocity content not processed in inline javascript of access rights pages throughout XWiki platform
Issue Type: cid:jira-generated-image-avatar-92fc9237-39f6-4378-99f4-6a2eb1905a75 Bug
Affects Versions: 16.4.0
Assignee: Unassigned
Components: {Unused} Authentication and Rights Management
Created: 15/Jun/24 12:14
Environment: Debian bullseye
Tomcat9
Nginx
----
Firefox
Windows7
Labels: javascript
Priority: cid:jira-generated-image-static-major-cede1ccf-80ad-468c-b605-96886cf18fc3 Major
Reporter: JP Kleijn
Description:

I came across a javascript error which seems to have evolved from a velocity string not being interpreted by velocity. I have seen this error only on the rights management of individual pages. To reproduce it, go to a page, go to its rights management (via 'edit' > 'access rights') and view the error in the browser console.

The javascript error is located in an inline piece of javascript that is inserted in the page right before the closing </main> tag.

 

    <script>
    //<![CDATA[
    if ($('tmEditWysiwyg')) {
      var switchEditor = function(editor, event) {
        // We switch the editor by submitting the edit form to the new editor (in order to preserve the unsaved changes
        // made to the edited content). We don't submit the edit form using one of the existing action buttons (e.g.
        // Preview) because it would trigger the form validation which can prevent the switch (e.g. if the page title is
        // mandatory and it's not filled). We submit instead directly the edit form but this has the disadvantage that it
        // doesn't trigger the submit event so we may have form fields that are not up to date (e.g. because they use
        // widgets that update their value on submit). This is the case with the WYSIWYG editor that updates its hidden
        // fields for syntax conversion before the form is submitted. In order to overcome this we trigger an event to
        // let the form fields know that their values are about to be submitted. It makes sense to use the preview action
        // events because we don't want to save the content, we want to preview it in a different editor.


////////////////////////////////////////////////////////////
//////////////////// ERROR FROM HERE ///////////////////////
////////////////////////////////////////////////////////////

/* 
*  Notice the velocity string "${formname}" below, this 
*  should not be here
*/
        var form = document.forms.${formname}; 

////////////////////////////////////////////////////////////

        form.fire('xwiki:actions:beforePreview');
        // This is needed in order to silence the leave confirmation (we're not going to loose unsaved changes).
        form.fire('xwiki:actions:preview');
        form.action = XWiki.currentDocument.getURL('edit', 'editor=' + editor + '&language=en');
        form.submit();
        Event.stop(event);
      };      // Manage switch from wiki to wysiwyg, content must be preserved between those editors.
      Event.observe($('tmEditWysiwyg'), "click", function(event) {
                switchEditor('wysiwyg', event);
      });      // Manage switch from wysiwyg to wiki, content must be preserved between those editors.
      Event.observe($('tmEditWiki'), "click", switchEditor.curry('wiki'));
    }
    //]]>
  </script>

 

 
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.