no no,
//If we find all the required variables to do inline editing.
if (field && id && module) {
//Do ajax call to retrieve the validation for the field.
var validation = getValidationRules(field, module, id);
//Do ajax call to retrieve the html elements of the field.
var html = loadFieldHTML(field, module, id);
//If we have the field html append it to the div we clicked.
if (html) {
console.log("dsfds" + validation);
$(_this).html(
validation +
"<form name='EditView' id='EditView'><div id='inline_edit_field'>" +
html +
"</div><a id='inlineEditSaveButton'></a></form>"
);
$("#inlineEditSaveButton").html(
'<span class="suitepicon suitepicon-action-confirm"></span>'
);
//If the field is a relate field we will need to retrieve the extra js required to make the field work.
if (type == "relate" || type == "parent") {
var relate_js = getRelateFieldJS(field, module, id);
$(_this).append(relate_js);
SUGAR.util.evalScript($(_this).html());
// Issue 2344 and 2499 changes - Dump existing QSProcessedFieldsArray to enable multiple QS on multiple rows.
var fieldToCheck = "EditView_" + field + "_display";
if (fieldToCheck in QSProcessedFieldsArray) {
delete QSProcessedFieldsArray[fieldToCheck];
}
//Needs to be called to enable quicksearch/typeahead functionality on the field.
enableQS(true);
}
//Add the active class so we know which td we are editing as they all have the inlineEdit class.
$(_this).addClass("inlineEditActive");
//Put the cursor in the field if possible.
$("#" + field).focus();
if (type == "name" || type == "text") {
// move focus to end of text (multiply by 2 to make absolute certain its end as some browsers count carriage return as more than 1 character)
var strLength = $("#" + field).val().length * 2;
$("#" + field)[0].setSelectionRange(strLength, strLength);
}
//We can only edit one field at a time currently so turn off the on dblclick event
$(".inlineEdit").off("click");
$(".inlineEdit").off("dblclick");
//Call the click away function to handle if the user has clicked off the field, if they have it will close the form.
clickedawayclose(field, id, module, type);
//Make sure the data is valid and save the details to the bean.
validateFormAndSave(field, id, module, type);
}
}
here getValidationRules
function is calling which is
/**
* Ajax call to retrieve the field validation js this needs to be done separately as you can't json_encode javascript.
* Calls a controller action in /modules/Home/controller.
* Returns the add to validate call for the field..
* @param field
* @param module
* @param id
* @returns {*}
*/
function getValidationRules(field, module, id) {
$.ajaxSetup({ async: false });
var result = $.getJSON("index.php", {
module: "Home",
action: "getValidationRules",
field: field,
current_module: module,
id: id,
to_pdf: true
});
$.ajaxSetup({ async: true });
try {
var validation = JSON.parse(result.responseText);
} catch (e) {
alert(
SUGAR.language.translate(
"app_strings",
"LBL_LOADING_ERROR_INLINE_EDITING"
)
);
return false;
}
return (
"<script type='text/javascript'>addToValidate('EditView', \"" + field + '", "' + validation["type"] + '", ' + validation["required"] + ',"' + validation["label"] + '");</script>'
);
}
I want to sanitize include/InlineEditing/inlineEditing.js, line 153 (Cross-Site Scripting: DOM)
Kingdom: Input Validation and Representation
Scan Engine: SCA (Data Flow)
Source Details
Source: Read result.responseText
From: getValidationRules
File: include/InlineEditing/inlineEditing.js
and sinking details is
Sink: ~JS_Generic.html()
Enclosing Method: onInlineEditDblClick()
File: include/InlineEditing/inlineEditing.js
Taint Flags: JS_OBJECT_CONTROLLED, WEB, XSS