Skip to content

Commit 68d3399

Browse files
vranamarijnh
vrana
authored and
marijnh
committed
[search addon] Make compatible with Trusted Types
https://web.dev/trusted-types/ doesn't allow string innerHTML assignments. This change avoids it by using DOM instead.
1 parent cf6cc38 commit 68d3399

File tree

1 file changed

+44
-6
lines changed

1 file changed

+44
-6
lines changed

addon/search/search.js

Lines changed: 44 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -189,18 +189,54 @@
189189
if (state.annotate) { state.annotate.clear(); state.annotate = null; }
190190
});}
191191

192+
function el(tag, attrs, content) {
193+
var element = document.createElement(tag);
194+
for (var key in attrs) {
195+
element[key] = attrs[key];
196+
}
197+
for (var i = 2; i < arguments.length; i++) {
198+
var child = arguments[i]
199+
element.appendChild(typeof child == "string" ? document.createTextNode(child) : child);
200+
}
201+
return element;
202+
}
192203

193204
function getQueryDialog(cm) {
194-
return '<span class="CodeMirror-search-label">' + cm.phrase("Search:") + '</span> <input type="text" style="width: 10em" class="CodeMirror-search-field"/> <span style="color: #888" class="CodeMirror-search-hint">' + cm.phrase("(Use /re/ syntax for regexp search)") + '</span>';
205+
var fragment = document.createDocumentFragment();
206+
fragment.appendChild(el('span', {className: 'CodeMirror-search-label'}, cm.phrase("Search:")));
207+
fragment.appendChild(document.createTextNode(' '));
208+
fragment.appendChild(el('input', {type: 'text', 'style': 'width: 10em', className: 'CodeMirror-search-field'}));
209+
fragment.appendChild(document.createTextNode(' '));
210+
fragment.appendChild(el('span', {style: 'color: #888', className: 'CodeMirror-search-hint'}, cm.phrase("(Use /re/ syntax for regexp search)")));
211+
return fragment;
195212
}
196213
function getReplaceQueryDialog(cm) {
197-
return ' <input type="text" style="width: 10em" class="CodeMirror-search-field"/> <span style="color: #888" class="CodeMirror-search-hint">' + cm.phrase("(Use /re/ syntax for regexp search)") + '</span>';
214+
var fragment = document.createDocumentFragment();
215+
fragment.appendChild(document.createTextNode(' '));
216+
fragment.appendChild(el('input', {type: 'text', 'style': 'width: 10em', className: 'CodeMirror-search-field'}));
217+
fragment.appendChild(document.createTextNode(' '));
218+
fragment.appendChild(el('span', {style: 'color: #888', className: 'CodeMirror-search-hint'}, cm.phrase("(Use /re/ syntax for regexp search)")));
219+
return fragment;
198220
}
199221
function getReplacementQueryDialog(cm) {
200-
return '<span class="CodeMirror-search-label">' + cm.phrase("With:") + '</span> <input type="text" style="width: 10em" class="CodeMirror-search-field"/>';
222+
var fragment = document.createDocumentFragment();
223+
fragment.appendChild(el('span', {className: 'CodeMirror-search-label'}, cm.phrase("With:")));
224+
fragment.appendChild(document.createTextNode(' '));
225+
fragment.appendChild(el('input', {type: 'text', 'style': 'width: 10em', className: 'CodeMirror-search-field'}));
226+
return fragment;
201227
}
202228
function getDoReplaceConfirm(cm) {
203-
return '<span class="CodeMirror-search-label">' + cm.phrase("Replace?") + '</span> <button>' + cm.phrase("Yes") + '</button> <button>' + cm.phrase("No") + '</button> <button>' + cm.phrase("All") + '</button> <button>' + cm.phrase("Stop") + '</button> ';
229+
var fragment = document.createDocumentFragment();
230+
fragment.appendChild(el('span', {className: 'CodeMirror-search-label'}, cm.phrase("Replace?")));
231+
fragment.appendChild(document.createTextNode(' '));
232+
fragment.appendChild(el('button', {}, cm.phrase("Yes")));
233+
fragment.appendChild(document.createTextNode(' '));
234+
fragment.appendChild(el('button', {}, cm.phrase("No")));
235+
fragment.appendChild(document.createTextNode(' '));
236+
fragment.appendChild(el('button', {}, cm.phrase("All")));
237+
fragment.appendChild(document.createTextNode(' '));
238+
fragment.appendChild(el('button', {}, cm.phrase("Stop")));
239+
return fragment;
204240
}
205241

206242
function replaceAll(cm, query, text) {
@@ -217,8 +253,10 @@
217253
function replace(cm, all) {
218254
if (cm.getOption("readOnly")) return;
219255
var query = cm.getSelection() || getSearchState(cm).lastQuery;
220-
var dialogText = '<span class="CodeMirror-search-label">' + (all ? cm.phrase("Replace all:") : cm.phrase("Replace:")) + '</span>';
221-
dialog(cm, dialogText + getReplaceQueryDialog(cm), dialogText, query, function(query) {
256+
var fragment = document.createDocumentFragment();
257+
fragment.appendChild(el('span', {className: 'CodeMirror-search-label'}, (all ? cm.phrase("Replace all:") : cm.phrase("Replace:"))));
258+
fragment.appendChild(getReplaceQueryDialog(cm));
259+
dialog(cm, fragment, dialogText, query, function(query) {
222260
if (!query) return;
223261
query = parseQuery(query);
224262
dialog(cm, getReplacementQueryDialog(cm), cm.phrase("Replace with:"), "", function(text) {

0 commit comments

Comments
 (0)