jQuery has a special behaviour when using .contents() over an iframe
object. This caused an error for escaping when saving the page with an
iframe content of an external domain.
introduced by 8c77c711
opw-649570
Add multilang=False to website_image controller to prevent redirects
Because website_image is decorated with website=True
Requests made for the product image at
`/website/image/product.template/xx_xx/..`
triggered redirections to add the language code to the
requests URLs. This redirection was useless, as setting
the language code for images is non-sense.
Adding `websitelang=False` prevents this redirection.
In addition, the redirection could lead to
SSL security concerns, as the redirection
could use the http:// scheme.
Closes#8515
In 7d40a7d, f820c07, 3ed0628 the way the mobile preview iframe is set
was altered several times. This left an inconsistent needless page load.
This page load was cancelled, but as a side effect in a given set of
conditions:
- an ajax request is done early in current (and so iframe) page,
- phantomjs is used for the test,
- server response time
this could lead to a false positive caused by a cancelled xhr request
throwing the error: "Can't load template, http status 0".
Escape text nodes changed via the web editor before sending the content
it to the server controller.
It is done since the content is unescaped one time when being displayed,
and it is not done for inline style and script tags (which may be
injected by dropping a snippet) since that would break them.
replacing the solution in cdb900044.
1. A menu with `/page/website.***` should be flagged as `active`
if the current url is `/page/***`. This is a retro-compatibility
patch for c9d41679fb, so the
menu is marked as active without having to rename it, by
removing this `website.` thing.
2. If you defined two menus with as url `/page/test` and `/page/test2`
Both menus were flagged as `active` when you browsed the url
`/page/test2`, because it started by both menus urls.
Fixes#3059Closes#3070
In the top menu bar, the `active` class is set when the
menu url matches the page url (the url in the browser url bar)
A while ago, we made so all urls
`/page/website.***'
were automatically redirected to
`/page/****`
Therefore, if the menu url still contains this `website.` prefix,
the active class wasn't set on it, while it should.
Fixes#3059Closes#3070
When saving a template in version 8.0, html would be saved as it should
be displayed once on the site. In particular, if some text should be
escaped once send to the browser, it will be saved as such.
But when rendering, a text node content is unescaped two times:
* for translation which seems wrong since we already use .text of a node
which already escaped it, doing it one more time is bad,
* when rendering the template, since the html template is stored in xml,
This commit remove superfluous unescaping for translation, and add an
escaping when saving the changed template content.
closes#7967
opw-646889
Pasting from the website to the website could for example copy
t-field="..." which then would easily add an error if e.g a field
is copied to an area where it is not available.
This fix strip the data-oe-... attributes of nodes added to the DOM
when pasting.
closes#7653
opw-644968
Commit 4ff1af4 moves the groups attributes on the ir ui view/template.
So the option is no more available in customize menu if user is logged.
No luck, because when your are not logged you don't have the menu.
Groups on template are the best practice to hide the content of a view
to a group of poeple, except in this case where a customize_show is set
to True.
Maybe that customize_show should ignore groups on ir ui view in a future
version ?
Javascript regex \b is not unicode aware,
and words beginning or ending by accents won't match \b
We therefore use a custom regex to replace \b.
Basically, it's a regex matching all words separators
such as dot, comma, spaces, etc. and other unicode
separators as well.
opw-641005
A user (other than the admin) part of the group 'Manage QWeb views'
and the group 'Administration Settings' couldn't edit
any other view than QWeb views.
opw-640376
In website template,
it was not possible to use the variable "lang",
containing the current language,
as the variable was overwrote in website.layout,
in a loop context.
Changing the variable name used by the loop
solves the issue.
opw-639488
closes#6320
* Complements commits a696913364 and
21d4b3fda9 by adding the missing `data-lang`
attribute also in the report layout (in saas-6 a single QWeb
template is used for language links in both reports and website
layouts).
* Fix the "Edit Master" link to work also for outdated templates
where the data-lang attribute is dynamically set to 'default',
and thus cannot be used as URL prefix -> use /website/lang
controller to switch lang instead.
Depending on the area (in this case a html field), the editor can escape
the url which wasn't taken into account by this widget.
closes#6726
opw-639852
Improves aea358ca67 and avoid spurious
redirects for URLs that do not match a controller but do not
have a valid language.
When the URL does not match any controller, the language
matcher tried to strip the leading path component, treating
it as a language code. For example:
/fr_BE/page/homepage
would not match any route, so it would be rerouted internally
as /page/homepage, after setting `request.lang` to fr_BE.
This breaks the magical 404 handler that allows ir.attachment
entries to be mapped to static URLs. Due to the internal rerouting,
the mapping of e.g. /website_mycompany/static/src/image/logo.png
would be rerouted to /static/src/image/logo.png and not match
the mapped URL anymore.
Now the stripping of the path component will only occur if
that path component matches an installed language code.
The consequence is that URLs containing uninstalled language codes
will now lead to 404 errors - an acceptable trade-off (e.g.
when an older version of the website is still indexed by a search
engine)
when closing a modal, the class 'modal-open' was removed from the
'body' tag and all the existing modals became not scrollable.
The class 'modal-open' must be kept in the 'body' tag if there is
still a visible modal in the dom.
Inspired from commit: dee000be14
opw:633801