Merge branch 'development' into YDA-5877-improve-admin-page-ui-consis…

…tency
UtrechtUniversity · Aug 14, 2024 · e60e2e8 · e60e2e8
2 parents c7c5eb9 + 2f60ee1
commit e60e2e8
Show file tree

Hide file tree

Showing 59 changed files with 124 additions and 93 deletions.
diff --git a/admin/templates/admin/admin.html b/admin/templates/admin/admin.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Administration{% endblock title %}
+{% block title %}{{ super() }} - Administration{% endblock title %}
 
 {% block scripts %}
 <script src="{{ url_for('static', filename='lib/purify-3.1.6/js/purify.min.js') }}"></script>
@@ -20,7 +20,7 @@ <h1>Administration</h1>
                 <div class="mb-4">
                     <h2 class="card-title">Maintenance Banner</h2>
                     <div class="d-flex justify-content-start align-items-end">
-                        <form action="{{ url_for('admin_bp.set_banner') }}" method="POST"
+                        <form action="{{ url_for('admin_bp.set_banner') }}" method="post"
                             class="flex-fill me-2 needs-validation" novalidate>
                             <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
                             <div class="mb-3">
@@ -45,7 +45,7 @@ <h2 class="card-title">Maintenance Banner</h2>
                 <!-- Theme Change Section -->
                 <div class="mb-4">
                     <h2 class="card-title">Portal Theme</h2>
-                    <form action="{{ url_for('admin_bp.set_theme') }}" method="POST" class="needs-validation"
+                    <form action="{{ url_for('admin_bp.set_theme') }}" method="post" class="needs-validation"
                         novalidate>
                         <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
                         <div class="mb-3">
@@ -66,7 +66,7 @@ <h2 class="card-title">Portal Theme</h2>
                 <div>
                     <h2 class="card-title">Publication Terms</h2>
                     <div class="d-flex justify-content-start align-items-end">
-                        <form action="{{ url_for('admin_bp.set_publication_terms') }}" method="POST"
+                        <form action="{{ url_for('admin_bp.set_publication_terms') }}" method="post"
                             class="flex-fill me-2 needs-validation" novalidate>
                             <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
                             <div class="mb-3">

diff --git a/datarequest/templates/datarequest/add.html b/datarequest/templates/datarequest/add.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Add request{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Add request{% endblock title %}
 
 {% block scripts %}
 <script> window.config = {

diff --git a/datarequest/templates/datarequest/add_attachments.html b/datarequest/templates/datarequest/add_attachments.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Add attachments{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Add attachments{% endblock title %}
 
 {% block scripts %}
 <script> window.config = {

diff --git a/datarequest/templates/datarequest/assign.html b/datarequest/templates/datarequest/assign.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Assign request{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Assign request{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/dao_evaluate.html b/datarequest/templates/datarequest/dao_evaluate.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Evaluate DAO request{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Evaluate DAO request{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/datamanager_review.html b/datarequest/templates/datarequest/datamanager_review.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Datamanager review{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Datamanager review{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/evaluate.html b/datarequest/templates/datarequest/evaluate.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Evaluate request{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Evaluate request{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/index.html b/datarequest/templates/datarequest/index.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequests overview{% endblock title %}
+{% block title %}{{ super() }} - Datarequests overview{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('static', filename='lib/datatables-1.13.5/datatables.min.css') }}">

diff --git a/datarequest/templates/datarequest/preliminary_review.html b/datarequest/templates/datarequest/preliminary_review.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Preliminary review{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Preliminary review{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/preregister.html b/datarequest/templates/datarequest/preregister.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Preregistration{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Preregistration{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/preregistration_confirm.html b/datarequest/templates/datarequest/preregistration_confirm.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Preregistration confirmation{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Preregistration confirmation{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/review.html b/datarequest/templates/datarequest/review.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }} &dash; Review{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }} - Review{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/forms.css') }}">

diff --git a/datarequest/templates/datarequest/view.html b/datarequest/templates/datarequest/view.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Datarequest {{ request_id }}{% endblock title %}
+{% block title %}{{ super() }} - Datarequest {{ request_id }}{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('datarequest_bp.static', filename='css/view.css') }}">

diff --git a/deposit/static/deposit/js/data.js b/deposit/static/deposit/js/data.js
@@ -158,6 +158,8 @@ $(function () {
 
     $('#showChecksumReport .collection').text(folder)
     $('#showChecksumReport .modal-body #checksumReport').html('')
+    $('#showChecksumReport .modal-footer .download-report-text').addClass('d-none')
+    $('#showChecksumReport .modal-footer .download-report-csv').addClass('d-none')
     $('#showChecksumReport .modal-footer .download-report-text').attr('href', downloadUrl + '&format=text')
     $('#showChecksumReport .modal-footer .download-report-csv').attr('href', downloadUrl + '&format=csv')
 
@@ -167,11 +169,15 @@ $(function () {
 
       table += '<thead><tr><th>Filename</th><th>Size</th><th>Checksum</th></tr></thead>'
       $.each(data, function (index, obj) {
-        table += `<tr>
-                     <td>${obj.name}</td>
-                     <td>${obj.size}</td>
-                     <td>${obj.checksum}</td>
+        if (data.length > 0) {
+          table += `<tr>
+                    <td>${obj.name}</td>
+                    <td>${obj.size}</td>
+                    <td>${obj.checksum}</td>
                 </tr>`
+          $('#showChecksumReport .modal-footer .download-report-text').removeClass('d-none')
+          $('#showChecksumReport .modal-footer .download-report-csv').removeClass('d-none')
+        }
       })
       table += '</tbody></table>'
 

diff --git a/deposit/static/deposit/js/dlgFileBrowseOperations.js b/deposit/static/deposit/js/dlgFileBrowseOperations.js
@@ -1,4 +1,4 @@
-/* global browse, path */
+/* global browse, DOMPurify, path */
 'use strict'
 
 let folderSelectBrowser = null
@@ -133,7 +133,7 @@ $(document).ready(function () {
                     <td class="item-progress">-</td>
                 </tr>
                 `
-        $('.multi-select-table tbody').append(row)
+        $('.multi-select-table tbody').append(DOMPurify.sanitize(row))
       })
 
       if (action === 'multiple-delete') {
@@ -694,7 +694,7 @@ function dlgMakeBreadcrumb (urlEncodedDir) {
 /// alert handling
 function dlgSelectAlertShow (errorMessage) {
   $('#dlg-select-alert-panel').removeClass('hide')
-  $('#dlg-select-alert-panel span').html(errorMessage)
+  $('#dlg-select-alert-panel span').html(DOMPurify.sanitize(errorMessage))
 }
 
 function dlgSelectAlertHide () {

diff --git a/deposit/templates/deposit/data.html b/deposit/templates/deposit/data.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Deposit &dash; Add data{% endblock title %}
+{% block title %}{{ super() }} - Deposit - Add data{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('static', filename='lib/datatables-1.13.5/datatables.min.css') }}">
@@ -13,6 +13,7 @@
     var path = {{ path|tojson|safe }};
     var view = 'browse';
 </script>
+<script src="{{ url_for('static', filename='lib/purify-3.1.6/js/purify.min.js') }}"></script>
 <script src="{{ url_for('static', filename='lib/datatables-1.13.5/datatables.min.js') }}"></script>
 <script src="{{ url_for('deposit_bp.static', filename='lib/flow-js/flow.min.js') }}"></script>
 <script src="{{ url_for('deposit_bp.static', filename='lib/dragbetter-js/jquery.dragbetter.js') }}"></script>

diff --git a/deposit/templates/deposit/metadata-form.html b/deposit/templates/deposit/metadata-form.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Deposit &dash; Document data {% endblock title %}
+{% block title %}{{ super() }} - Deposit - Document data {% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('deposit_bp.static', filename='lib/sweetalert/sweetalert.css') }}">

diff --git a/deposit/templates/deposit/overview.html b/deposit/templates/deposit/overview.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Deposit &dash; My deposits{% endblock title %}
+{% block title %}{{ super() }} - Deposit - My deposits{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('static', filename='lib/datatables-1.13.5/datatables.min.css') }}">

diff --git a/deposit/templates/deposit/submit.html b/deposit/templates/deposit/submit.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Deposit &dash; Submit data{% endblock title %}
+{% block title %}{{ super() }} - Deposit - Submit data{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('deposit_bp.static', filename='lib/stepper/bs-stepper.custom.css') }}">

diff --git a/deposit/templates/deposit/thank-you.html b/deposit/templates/deposit/thank-you.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Deposit &dash; Thank you{% endblock title %}
+{% block title %}{{ super() }} - Deposit - Thank you{% endblock title %}
 
 {% block style %}
 <link rel="stylesheet" href="{{ url_for('deposit_bp.static', filename='css/deposit.css') }}">

diff --git a/fileviewer/templates/fileviewer/file.html b/fileviewer/templates/fileviewer/file.html
@@ -1,9 +1,9 @@
 {% extends 'base-bare.html' %}
 
-{% block title %}{{ super() }} &dash; File Viewer{% endblock title %}
+{% block title %}{{ super() }} - File Viewer{% endblock title %}
 
 {% block style %}
-<link id='pagestyle' rel="stylesheet" {% if g.settings and g.settings.color_mode and g.settings.color_mode == 'DARK' %}href="{{url_for('static', filename='lib/highlight-js-11.9.0/styles/dark.min.css')}}"{% else %}href="{{url_for('static', filename='lib/highlight-js-11.9.0/styles/default.min.css')}}"{% endif %}>
+<link id="pagestyle" rel="stylesheet" {% if g.settings and g.settings.color_mode and g.settings.color_mode == 'DARK' %}href="{{url_for('static', filename='lib/highlight-js-11.9.0/styles/dark.min.css')}}"{% else %}href="{{url_for('static', filename='lib/highlight-js-11.9.0/styles/default.min.css')}}"{% endif %}>
 {% endblock style %}
 
 {% block scripts %}

diff --git a/general/templates/general/403.html b/general/templates/general/403.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Access forbidden{% endblock title %}
+{% block title %}{{ super() }} - Access forbidden{% endblock title %}
 
 {% block content %}
 <div class="text-center">

diff --git a/general/templates/general/404.html b/general/templates/general/404.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Page not found{% endblock title %}
+{% block title %}{{ super() }} - Page not found{% endblock title %}
 
 {% block content %}
 <div class="text-center">

diff --git a/general/templates/general/500.html b/general/templates/general/500.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Internal server error{% endblock title %}
+{% block title %}{{ super() }} - Internal server error{% endblock title %}
 
 {% block content %}
 <div class="text-center">

diff --git a/general/templates/general/index.html b/general/templates/general/index.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Home{% endblock title %}
+{% block title %}{{ super() }} - Home{% endblock title %}
 
 {% block style %}
 {{ super() }}

diff --git a/group_manager/static/group_manager/js/group_manager.js b/group_manager/static/group_manager/js/group_manager.js
@@ -1,4 +1,4 @@
-/* global bootstrap, FileReader, jQuery, Option */
+/* global bootstrap, DOMPurify, FileReader, jQuery, Option */
 'use strict'
 
 let enteredUsername = ''
@@ -973,7 +973,8 @@ $(function () {
       $('.properties-update').removeClass('hidden')
       $('.users').removeClass('hidden')
 
-      $('#group-properties-group-name').html('<strong>[' + groupName + ']</strong>')
+      const sanitizedGroupName = DOMPurify.sanitize('<strong>[' + groupName + ']</strong>')
+      $('#group-properties-group-name').html(sanitizedGroupName)
 
       $oldGroup.removeClass('active')
       $group.addClass('active')
@@ -1346,7 +1347,8 @@ $(function () {
           // $(this).val(null).trigger('change')
         }).on('change', function () {
           // Reset the subcategory value
-          $($(this).attr('data-subcategory')).val(null).trigger('change')
+          const sanitizedSubCategory = DOMPurify.sanitize($(this).attr('data-subcategory'))
+          $(sanitizedSubCategory).val(null).trigger('change')
 
           // bring over the category value to the schema-id if exists.
           if (that.schemaIDs.includes($(this).select2('data')[0].id)) {
@@ -1376,6 +1378,8 @@ $(function () {
       $(sel).filter('.selectify-subcategory').each(function () {
         const $el = $(this)
 
+        const sanitizedCategory = DOMPurify.sanitize($el.attr('data-category'))
+
         $el.select2({
           placeholder: 'Select a subcategory or enter a new name',
           ajax: {
@@ -1386,7 +1390,7 @@ $(function () {
             data: function (params) {
               const request = {
                 query: '',
-                category: $($el.attr('data-category')).val()
+                category: $(sanitizedCategory).val()
               }
               if (params.term) {
                 request.query = params.term
@@ -1544,7 +1548,8 @@ $(function () {
 
               users.forEach(function (userName) {
                 // Exclude users already in the group.
-                if (!(userName in that.groups[$($el.attr('data-group')).val()].members)) {
+                const sanitizedGroup = DOMPurify.sanitize($el.attr('data-group'))
+                if (!(userName in that.groups[$(sanitizedGroup).val()].members)) {
                   const nameAndZone = userName.split('#')
                   results.push({
                     id: userName,
@@ -2209,12 +2214,10 @@ $(function () {
       })
 
       // Group creation {{{
-
       $('#f-group-create-prefix-div a').on('click', function (e) {
         // Select new group prefix.
-        const newPrefix = $(this).attr('data-value')
+        const newPrefix = DOMPurify.sanitize($(this).attr('data-value'))
         const oldPrefix = $('#f-group-create-name').attr('data-prefix')
-
         $('#f-group-create-prefix-div button .text').html(newPrefix + '&nbsp;')
         $('#f-group-create-name').attr('data-prefix', newPrefix)
 

diff --git a/group_manager/templates/group_manager/index.html b/group_manager/templates/group_manager/index.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Group Manager{% endblock title %}
+{% block title %}{{ super() }} - Group Manager{% endblock title %}
 
 {% block style %}
     <link rel="stylesheet" href="{{ url_for('group_manager_bp.static', filename='css/group_manager.css') }}">
@@ -9,6 +9,7 @@
 {% endblock style %}
 
 {% block scripts %}
+    <script src="{{ url_for('static', filename='lib/purify-3.1.6/js/purify.min.js') }}"></script>
     <script src="{{ url_for('group_manager_bp.static', filename='js/group_manager.js') }}"></script>
     <script src="{{ url_for('group_manager_bp.static', filename='lib/select2/select2.full.min.js') }}"></script>
     <script>
@@ -96,7 +97,7 @@ <h1 id="group-manager-text">Group manager</h1>
             <div class="card properties-create hidden">
                 <div class="card-header">Create new group</div>
                 <div class="card-body" id="group-properties-create">
-                    <form class="form-horizontal" id="f-group-create" action="{{ url_for('group_manager_bp.group_create') }}" method="POST">
+                    <form class="form-horizontal" id="f-group-create" action="{{ url_for('group_manager_bp.group_create') }}" method="post">
                         <div class="mb-3 row">
                             <label class="col-sm-4 form-label" for="f-group-create-name">Group name
                                 <i class="fa-solid fa-question-circle" aria-hidden="true" title="Name and type for this group, this cannot be changed after group creation (may only contain lowercase letters (a-z) and hyphens (-))"></i>
@@ -210,7 +211,7 @@ <h1 id="group-manager-text">Group manager</h1>
                     <p class="placeholder-text">
                         Please select a group.
                     </p>
-                    <form action="{{ url_for('group_manager_bp.group_update') }}" method="POST" id="f-group-update" class="hidden">
+                    <form action="{{ url_for('group_manager_bp.group_update') }}" method="post" id="f-group-update" class="hidden">
 
                         <div class="mb-3 row">
                             <label class="col-sm-4 form-label" for="f-group-update-name">Group name
@@ -322,7 +323,7 @@ <h1 id="group-manager-text">Group manager</h1>
                 </div>
                 <div class="list-group overflow-auto" id="user-list" style="max-height: 243px"></div>
                 <div class="list-group-item item-user-create" id="user-list-add-user" hidden>
-                    <form action="{{ url_for('group_manager_bp.user_create') }}" method="POST" class="form-inline" id="f-user-create">
+                    <form action="{{ url_for('group_manager_bp.user_create') }}" method="post" class="form-inline" id="f-user-create">
                         <input name="group_name" id="f-user-create-group" type="hidden" />
                         <div class="input-group">
                             <select name="user_name" id="f-user-create-name" class="form-control form-control-sm selectify-user-name" required data-group="#f-user-create-group" >

diff --git a/intake/templates/intake/intake.html b/intake/templates/intake/intake.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 
-{% block title %}{{ super() }} &dash; Intake{% endblock title %}
+{% block title %}{{ super() }} - Intake{% endblock title %}
 
 {% block style %}
     <link rel="stylesheet" href="{{ url_for('intake_bp.static', filename='css/jquery.dataTables.css') }}">