Commit 5bc7ca9c authored by Oliver Hader's avatar Oliver Hader Committed by Benni Mack
Browse files

[TASK] Avoid inline JavaScript in wizard EditController

Closing a popup window does not use inline JavaScript code anymore.

Resolves: #96019
Releases: master, 11.5
Change-Id: Iea2354e30d51ddcd24d9288fe5fa87b924259c13
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72222


Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Torben Hansen's avatarTorben Hansen <derhansen@gmail.com>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Torben Hansen's avatarTorben Hansen <derhansen@gmail.com>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
parent d533bcd5
......@@ -27,6 +27,7 @@ use TYPO3\CMS\Core\Http\RedirectResponse;
use TYPO3\CMS\Core\Utility\ArrayUtility;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Utility\MathUtility;
use TYPO3\CMS\Core\Utility\PathUtility;
/**
* Script Class for redirecting a backend user to the editing form when an "Edit wizard" link was clicked in FormEngine somewhere
......@@ -34,6 +35,8 @@ use TYPO3\CMS\Core\Utility\MathUtility;
*/
class EditController extends AbstractWizardController
{
protected const JAVASCRIPT_HELPER = 'EXT:backend/Resources/Public/JavaScript/Helper.js';
/**
* Wizard parameters, coming from FormEngine linking to the wizard.
*
......@@ -59,11 +62,24 @@ class EditController extends AbstractWizardController
protected $doClose;
/**
* A little JavaScript to close the open window.
* HTML markup to close the open window.
*
* @var string
*/
protected $closeWindow = '<script>close();</script>';
protected string $closeWindow;
public function __construct()
{
$this->closeWindow = sprintf(
'<script %s></script>',
GeneralUtility::implodeAttributes([
'src' => PathUtility::getAbsoluteWebPath(
GeneralUtility::getFileAbsFileName(self::JAVASCRIPT_HELPER)
),
'data-action' => 'window.close',
], true)
);
}
/**
* Injects the request object for the current request or subrequest
......
......@@ -2436,6 +2436,7 @@ class BackendUtility
* @param string $addParams Additional parameters to pass to the script.
* @return string HTML code for input text field.
* @see getFuncMenu()
* @todo not used at least since TYPO3 v9, drop in TYPO3 v12.0
*/
public static function getFuncInput(
$mainParams,
......
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
/**
* @internal Use in TYPO3 core only, API can change at any time!
*/
(function() {
"use strict";
if (!document.currentScript) {
return false;
}
const scriptElement = document.currentScript;
switch (scriptElement.dataset.action) {
case 'window.close':
window.close();
break;
default:
}
})();
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment