Changes for page LiveTable View Sheet

Summary

• Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.superadmin
	1	+XWiki.xwikiadm

Content

...	...	@@ -11,16 +11,8 @@
11	11	## Display the live table only if it was generated.
12	12	#if ($doc.content.length() > 0)
13	13	= $services.localization.render('platform.appwithinminutes.appLiveTableHeading') =
14		- ## We don't use the Include macro (with empty reference) because we want the content to be executed with the rights
15		- ## of the current document rather than the rights of the sheet. This is important because the user can modify the
16		- ## content of the application home page which means we could execute untrusted content with the rights of the sheet.
17		- ## Ideally we should use the Display macro with a parameter to disable the sheet, but we don't have this parameter.
18		- ## We don't clean the HTML content because getRenderedContent() should produce clean HTML, unless the user has
19		- ## disabled the HTML cleaning, in which case he will get what he asked for. Note that one good reason to disable
20		- ## HTML cleaning is to preserve the whitespaces in the attribute values.
21		- ## Escape {{ in the rendered content to be sure that the HTML macro is not closed unintentionally.
22		- {{html clean="false"}}$doc.getRenderedContent($doc.content,
23		- $doc.syntax.toIdString()).replace('{{', '{{'){{/html}}
	14	+
	15	+ {{include reference="" author="target"/}}
24	24	#end
25	25	#end
26	26
...	...	@@ -68,6 +68,7 @@
68	68	#end
69	69	## We need to set the title if we want to be able to sort or filter the doc.title live table column.
70	70	#set ($params = {
	63	+ 'form_token': $services.csrf.token,
71	71	'template': "${className}Template",
72	72	'title': '__entryName__',
73	73	'parent': $services.model.serialize($doc.documentReference, 'local')