Changeset 2389


Ignore:
Timestamp:
Sep 30, 2014, 2:25:25 PM (4 years ago)
Author:
matthijs
Message:

Use addEventListener instead of setting onclick attribute

This improves security by ensuring that no untrusted strings are
accidentally evaluated.

Location:
desktop/foneradownloader/trunk/chrome/content/js
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • desktop/foneradownloader/trunk/chrome/content/js/dialog.js

    r1914 r2389  
    9696        // Set OnDialogAccept Handler
    9797        let oDialog = document.getElementById("unknownContentType");
    98         oDialog.setAttribute("ondialogaccept", "if (FoneraDialog.openDownloadHandlerHelper()) return true;"
    99                              + oDialog.getAttribute("ondialogaccept"));
     98        oDialog.addEventListener("dialogaccept", function() {
     99            if (FoneraDialog.openDownloadHandlerHelper()) {
     100                // Prevent the regular event from running. For some
     101                // reason stopPropagation doesn't help here.
     102                oDialog.removeAttribute("ondialogaccept");
     103                return true;
     104            }
     105        });
    100106    }
    101107
  • desktop/foneradownloader/trunk/chrome/content/js/dlmanager.js

    r2387 r2389  
    242242        playb.setAttribute("id", downloadItem.id);
    243243        playb.setAttribute("action", action);
    244         playb.setAttribute("onclick", "FoneraDLManager.downloadAction(this.getAttribute('id'), this.getAttribute('action'))")
     244        playb.addEventListener("click", function() {FoneraDLManager.downloadAction(this.getAttribute('id'), this.getAttribute('action'));})
    245245
    246246        let cancelb = document.createElement("image");
     
    251251        cancelb.setAttribute("id", downloadItem.id);
    252252        cancelb.setAttribute("action", "delete");
    253         cancelb.setAttribute("onclick", "FoneraDLManager.downloadAction(this.getAttribute('id'), this.getAttribute('action'))")
     253        cancelb.addEventListener("click", function() {FoneraDLManager.downloadAction(this.getAttribute('id'), this.getAttribute('action'));})
    254254
    255255        cancelb.tooltipText = stringsBundle.getString("cancel");
     
    384384        let cancelb = document.createElement("image");
    385385        cancelb.setAttribute("src", "chrome://foneradownloader/skin/disabled.png");
    386         cancelb.setAttribute("onclick","FoneraDLManager.clearErrors()");
     386        cancelb.addEventListener("click", function() {FoneraDLManager.clearErrors();});
    387387        cancelb.tooltipText = stringsBundle.getString("clearerror");
    388388
Note: See TracChangeset for help on using the changeset viewer.