Skip to Content

Changes for page LiveTable View Sheet

Last modified by Martin Výlet on 19.03.2025 21:26
From version 4.1
edited by Martin Výlet
on 18.06.2024 09:10
Change comment: Install extension [org.xwiki.platform:xwiki-platform-appwithinminutes-ui/15.10.10]
To version 2.1
edited by superadmin
on 06.01.2023 13:11
Change comment: Install extension [org.xwiki.platform:xwiki-platform-appwithinminutes-ui/14.10.2]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.vyl0022
1 +XWiki.superadmin
Content
... ... @@ -11,8 +11,16 @@
11 11   ## Display the live table only if it was generated.
12 12   #if ($doc.content.length() > 0)
13 13   = $services.localization.render('platform.appwithinminutes.appLiveTableHeading') =
14 -
15 - {{include reference="" author="target"/}}
14 + ## We don't use the Include macro (with empty reference) because we want the content to be executed with the rights
15 + ## of the current document rather than the rights of the sheet. This is important because the user can modify the
16 + ## content of the application home page which means we could execute untrusted content with the rights of the sheet.
17 + ## Ideally we should use the Display macro with a parameter to disable the sheet, but we don't have this parameter.
18 + ## We don't clean the HTML content because getRenderedContent() should produce clean HTML, unless the user has
19 + ## disabled the HTML cleaning, in which case he will get what he asked for. Note that one good reason to disable
20 + ## HTML cleaning is to preserve the whitespaces in the attribute values.
21 + ## Escape {{ in the rendered content to be sure that the HTML macro is not closed unintentionally.
22 + {{html clean="false"}}$doc.getRenderedContent($doc.content,
23 + $doc.syntax.toIdString()).replace('{{', '{{'){{/html}}
16 16   #end
17 17  #end
18 18  
... ... @@ -60,7 +60,6 @@
60 60   #end
61 61   ## We need to set the title if we want to be able to sort or filter the doc.title live table column.
62 62   #set ($params = {
63 - 'form_token': $services.csrf.token,
64 64   'template': "${className}Template",
65 65   'title': '__entryName__',
66 66   'parent': $services.model.serialize($doc.documentReference, 'local')
XWiki.JavaScriptExtension[0]
Code
... ... @@ -59,8 +59,7 @@
59 59   * Rename Application
60 60   */
61 61  require(['jquery', 'bootstrap', 'xwiki-form-validation-async'], function($) {
62 - ## Note: if not currentApp request param is not passed, we default to the wiki home page reference to avoid a NPE
63 - #set ($currentDocReference = $xwiki.getDocument("$!request.currentApp").getDocumentReference())
62 + #set ($currentDocReference = $xwiki.getDocument($request.currentApp).getDocumentReference())
64 64   // if we cannot find any extension related to this page app, it's not part of an extension.
65 65   var isNotAnExtension = $services.extension.xar.getInstalledExtensions($currentDocReference).isEmpty();
66 66