Merge pull request #589 from aspnetboilerplate/pr/2826

ismcagdas · web-flow · commit 93c4d7d353b4 · 2021-06-07T17:31:52.000+03:00
add html encode to ajax responses
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/Views/Shared/Layout/_Scripts.cshtml b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/Views/Shared/Layout/_Scripts.cshtml
@@ -9,6 +9,8 @@
     @*admin-lte scripts start*@
     <script src="~/libs/bootstrap/dist/js/bootstrap.bundle.js" asp-append-version="true"></script>
     <script src="~/libs/datatables/js/jquery.dataTables.min.js" asp-append-version="true"></script>
+    <script src="~/view-resources/Views/_Bundles/helpers.min.js" asp-append-version="true"></script>
+    <script src="~/view-resources/Views/_Bundles/datatables.ajax.min.js" asp-append-version="true"></script>
     <script src="~/libs/datatables/js/dataTables.bootstrap4.min.js" asp-append-version="true"></script>
     <script src="~/libs/datatables/js/dataTables.responsive.min.js" asp-append-version="true"></script>
     <script src="~/libs/datatables/js/responsive.bootstrap4.min.js" asp-append-version="true"></script>
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/bundleconfig.json b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/bundleconfig.json
@@ -134,5 +134,17 @@
     "inputFiles": [
       "wwwroot/view-resources/Views/Shared/Components/TenantChange/_ChangeModal.js"
     ]
+  },
+  {
+    "outputFileName": "wwwroot/view-resources/Views/_Bundles/datatables.ajax.min.js",
+    "inputFiles": [
+      "wwwroot/Common/datatables.ajax.js"
+    ]
+  },
+  {
+    "outputFileName": "wwwroot/view-resources/Views/_Bundles/helpers.min.js",
+    "inputFiles": [
+      "wwwroot/Common/helpers.js"
+    ]
   }
 ]
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/Common/datatables.ajax.js b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/Common/datatables.ajax.js
@@ -0,0 +1,82 @@
+﻿/************************************************************************
+ * Ajax extension for datatables                                         *
+ *************************************************************************/
+(function ($) {
+    if (!$.fn.dataTableExt) {
+        return;
+    }
+
+    var doAjax = function (listAction, requestData, callbackFunction, settings) {
+        var inputFilter = {};
+
+        //set table defined filters
+        if (listAction.inputFilter) {
+            inputFilter = $.extend(inputFilter, listAction.inputFilter());
+        }
+
+        //set paging filters
+        if (settings.oInit.paging) {
+            inputFilter = $.extend(inputFilter, {
+                maxResultCount: requestData.length,
+                skipCount: requestData.start
+            });
+        }
+
+        //execute ajax function with filter
+        if (listAction.ajaxFunction) {
+            listAction.ajaxFunction(inputFilter)
+                .done(function (result) {
+                    //store raw server response for custom rendering.
+                    settings.rawServerResponse = result;
+
+                    //html encoding can be disabled by adding "disableResponseHtmlEncoding: true" to "listAction" field
+                    var dataItems;
+                    if (listAction.disableResponseHtmlEncoding) {
+                        dataItems = result.items;
+                    } else {
+                        //HTML encodes the response items for XSS protection.
+                        dataItems = app.htmlUtils.htmlEncodeJson(result.items);
+                    }
+
+                    //invoke callback
+                    callbackFunction({
+                        recordsTotal: result.totalCount,
+                        recordsFiltered: result.totalCount,
+                        data: dataItems
+                    });
+                })
+                .always(function () {
+                    abp.ui.clearBusy(settings.nTable);
+                });
+        }
+    }
+
+    if (!$.fn.dataTable) {
+        return;
+    }
+
+    $.extend(true, $.fn.dataTable.defaults, {
+        ajax: function (requestData, callbackFunction, settings) {
+            if (!settings) {
+                return;
+            }
+
+            if (!settings.oInit) {
+                return;
+            }
+
+            if (!settings.oInit.listAction) {
+                return;
+            }
+
+            abp.ui.setBusy(settings.nTable);
+
+            doAjax(settings.oInit.listAction, requestData, callbackFunction, settings);
+        }
+    });
+
+    $.fn.dataTable.Api.register('ajax.reloadPage()', function () {
+        // user paging is not reset on reload. https://datatables.net/reference/api/ajax.reload()
+        this.ajax.reload(null, false);
+    });
+})(jQuery);
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/Common/helpers.js b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/Common/helpers.js
@@ -0,0 +1,20 @@
+﻿var app = app || {};
+(function () {
+    app.htmlUtils = {
+        htmlEncodeText: function (value) {
+            return $("<div/>").text(value).html();
+        },
+
+        htmlDecodeText: function (value) {
+            return $("<div/>").html(value).text();
+        },
+
+        htmlEncodeJson: function (jsonObject) {
+            return JSON.parse(app.htmlUtils.htmlEncodeText(JSON.stringify(jsonObject)));
+        },
+
+        htmlDecodeJson: function (jsonObject) {
+            return JSON.parse(app.htmlUtils.htmlDecodeText(JSON.stringify(jsonObject)));
+        }
+    };   
+})();
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Roles/Index.js b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Roles/Index.js
@@ -8,21 +8,11 @@
     var _$rolesTable = _$table.DataTable({
         paging: true,
         serverSide: true,
-        ajax: function (data, callback, settings) {
-            var filter = $('#RolesSearchForm').serializeFormToObject(true);
-            filter.maxResultCount = data.length;
-            filter.skipCount = data.start;
-
-            abp.ui.setBusy(_$table);
-            _roleService.getAll(filter).done(function (result) {
-                callback({
-                    recordsTotal: result.totalCount,
-                    recordsFiltered: result.totalCount,
-                    data: result.items
-                });
-            }).always(function () {
-                abp.ui.clearBusy(_$table);
-            });
+        listAction: {
+            ajaxFunction: _roleService.getAll,
+            inputFilter: function () {
+                return $('#RolesSearchForm').serializeFormToObject(true);
+            }
         },
         buttons: [
             {
@@ -121,7 +111,8 @@
             success: function (content) {
                 $('#RoleEditModal div.modal-content').html(content);
             },
-            error: function (e) { }
+            error: function (e) {
+            }
         })
     });
 
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Tenants/Index.js b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Tenants/Index.js
@@ -8,21 +8,11 @@
     var _$tenantsTable = _$table.DataTable({
         paging: true,
         serverSide: true,
-        ajax: function (data, callback, settings) {
-            var filter = $('#TenantsSearchForm').serializeFormToObject(true);
-            filter.maxResultCount = data.length;
-            filter.skipCount = data.start;
-
-            abp.ui.setBusy(_$table);
-            _tenantService.getAll(filter).done(function (result) {
-                callback({
-                    recordsTotal: result.totalCount,
-                    recordsFiltered: result.totalCount,
-                    data: result.items
-                });
-            }).always(function () {
-                abp.ui.clearBusy(_$table);
-            });
+        listAction: {
+            ajaxFunction: _tenantService.getAll,
+            inputFilter: function () {
+                return $('#TenantsSearchForm').serializeFormToObject(true);
+            }
         },
         buttons: [
             {
@@ -119,7 +109,8 @@
             success: function (content) {
                 $('#TenantEditModal div.modal-content').html(content);
             },
-            error: function (e) { }
+            error: function (e) {
+            }
         });
     });
 
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Users/Index.js b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Mvc/wwwroot/view-resources/Views/Users/Index.js
@@ -8,21 +8,11 @@
     var _$usersTable = _$table.DataTable({
         paging: true,
         serverSide: true,
-        ajax: function (data, callback, settings) {
-            var filter = $('#UsersSearchForm').serializeFormToObject(true);
-            filter.maxResultCount = data.length;
-            filter.skipCount = data.start;
-
-            abp.ui.setBusy(_$table);
-            _userService.getAll(filter).done(function (result) {
-                callback({
-                    recordsTotal: result.totalCount,
-                    recordsFiltered: result.totalCount,
-                    data: result.items
-                });
-            }).always(function () {
-                abp.ui.clearBusy(_$table);
-            });
+        listAction: {
+            ajaxFunction: _userService.getAll,
+            inputFilter: function () {
+                return $('#UsersSearchForm').serializeFormToObject(true);
+            }
         },
         buttons: [
             {
@@ -157,7 +147,8 @@
             success: function (content) {
                 $('#UserEditModal div.modal-content').html(content);
             },
-            error: function (e) { }
+            error: function (e) {
+            }
         });
     });
 

Original file line number	Diff line number	Diff line change
`@@ -134,5 +134,17 @@`
`134`	`134`	`"inputFiles": [`
`135`	`135`	`"wwwroot/view-resources/Views/Shared/Components/TenantChange/_ChangeModal.js"`
`136`	`136`	`]`
	`137`	`+ },`
	`138`	`+ {`
	`139`	`+ "outputFileName": "wwwroot/view-resources/Views/_Bundles/datatables.ajax.min.js",`
	`140`	`+ "inputFiles": [`
	`141`	`+ "wwwroot/Common/datatables.ajax.js"`
	`142`	`+ ]`
	`143`	`+ },`
	`144`	`+ {`
	`145`	`+ "outputFileName": "wwwroot/view-resources/Views/_Bundles/helpers.min.js",`
	`146`	`+ "inputFiles": [`
	`147`	`+ "wwwroot/Common/helpers.js"`
	`148`	`+ ]`
`137`	`149`	`}`
`138`	`150`	`]`