From ae545950191649c2f89d3e2a360e6e006f0a0df3 Mon Sep 17 00:00:00 2001 From: MontrealSergiy Date: Thu, 3 Apr 2025 13:30:16 -0400 Subject: [PATCH 1/3] replace & with unescaped ampersand in brain viewers (see cbrain#1494 ) --- userfiles/civet_output/views/_surface_viewer.html.erb | 8 ++++---- userfiles/mgh_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/minc_file/views/_minc_navigator.html.erb | 2 +- userfiles/minc_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/nifti_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/ply_file/views/_ply_viewer.html.erb | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/userfiles/civet_output/views/_surface_viewer.html.erb b/userfiles/civet_output/views/_surface_viewer.html.erb index 44e9442d..f6e68634 100644 --- a/userfiles/civet_output/views/_surface_viewer.html.erb +++ b/userfiles/civet_output/views/_surface_viewer.html.erb @@ -329,12 +329,12 @@ //////////////////////////////////// viewer.loadModelFromURL( - "<%= content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + "<%= @userfile.surfaces_objs[0]%>", + "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + "<%= @userfile.surfaces_objs[0]%>", { complete: function() { viewer.loadColorMapFromURL(color_maps[0].url); viewer.loadIntensityDataFromURL( - "<%= content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.overlays[0][1] %>", + "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.overlays[0][1] %>", { name: "<%= @userfile.overlays[0][0] %>", complete: loadEnd 
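Review bot: Only the path half of each URL literal is JS-escaped in `_surface_viewer.html.erb`; the values interpolated after `arguments=` in the same strings (`@userfile.name`, `@userfile.surfaces_dir`, `@userfile.surfaces_objs[0]`, `@userfile.overlays[0][1]`) and `name: "<%= @userfile.overlays[0][0] %>"` still get HTML escaping only. A name containing `&`, `"` or `<` is therefore written as entities that a script block never decodes, a backslash passes through into the JS string unescaped, and nothing URL-encodes the query value. If these names can come from user-supplied files (not visible here), I would let the helper build the whole URL, as the volume-viewer partials in this patch already do, e.g. `"<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :collection_file, :arguments => "#{@userfile.name}/#{@userfile.surfaces_dir}/#{@userfile.surfaces_objs[0]}") %>"`. The hunks at -472 and -484 have the client-side version of the same gap: `$(event.target).val()` and `filename` are appended to `arguments=` as-is, where `encodeURIComponent(filename)` would keep `&` or `#` in a file name from splitting the query. The surrounding script block starts and ends outside all three hunks.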
@@ -472,7 +472,7 @@ viewer.clearScreen(); loadStart(); viewer.loadModelFromURL( - "<%= content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + $(event.target).val(), + "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + $(event.target).val(), { complete: loadEnd } @@ -484,7 +484,7 @@ var filename = $(event.target).val() var basename = filename.replace(/\\/g,'/').replace( /.*\//, '' ) viewer.loadIntensityDataFromURL( - "<%= content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=" + filename, + "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=" + filename, { name: basename, complete: loadEnd diff --git a/userfiles/mgh_file/views/_volume_viewer_loader.html.erb b/userfiles/mgh_file/views/_volume_viewer_loader.html.erb index 1d711c3b..2f1e9006 100644 --- a/userfiles/mgh_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/mgh_file/views/_volume_viewer_loader.html.erb @@ -25,7 +25,7 @@ viewer.loadVolumes({ volumes: [ { type: "mgh", - url: "<%= content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :MghFile) %>", + url: "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :MghFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/minc_file/views/_minc_navigator.html.erb b/userfiles/minc_file/views/_minc_navigator.html.erb index dc38e678..24b69be9 100644 --- a/userfiles/minc_file/views/_minc_navigator.html.erb +++ b/userfiles/minc_file/views/_minc_navigator.html.erb 
@@ -41,7 +41,7 @@ with MINC2 files (which are HDF5-based). // Values obtained from Rails server side var link_id = "<%= link_id %>"; - var url = "<%= content_userfile_path(@userfile, :content_loader => :minc_content) %>"; + var url = "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :minc_content) %>"; // Our main launch link. var start_link = $("#"+link_id); diff --git a/userfiles/minc_file/views/_volume_viewer_loader.html.erb b/userfiles/minc_file/views/_volume_viewer_loader.html.erb index 64c40d11..9f7381b6 100644 --- a/userfiles/minc_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/minc_file/views/_volume_viewer_loader.html.erb @@ -25,7 +25,7 @@ viewer.loadVolumes({ { type: "minc", header_url: false, - raw_data_url: "<%= content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", + raw_data_url: "<%= escape_javascript content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/nifti_file/views/_volume_viewer_loader.html.erb b/userfiles/nifti_file/views/_volume_viewer_loader.html.erb index 196107af..24b6e525 100644 --- a/userfiles/nifti_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/nifti_file/views/_volume_viewer_loader.html.erb 
@@ -25,7 +25,7 @@ viewer.loadVolumes({ volumes: [ { type: "nifti1", - nii_url: "<%= content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :NiftiFile) %>", + nii_url: "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :NiftiFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/ply_file/views/_ply_viewer.html.erb b/userfiles/ply_file/views/_ply_viewer.html.erb index cb40f8bb..47fa3dbc 100644 --- a/userfiles/ply_file/views/_ply_viewer.html.erb +++ b/userfiles/ply_file/views/_ply_viewer.html.erb @@ -31,7 +31,7 @@ It is not garanteed to work well. // Values obtained from Rails server side var link_id = "<%= link_id %>"; - var url = "<%= content_userfile_path(@userfile, :content_loader => :ply_content) %>"; + var url = "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :ply_content) %>"; // Our main launch link. var start_link = $("#"+link_id); From 63dd08ae8021d2e2b26cd3a9099a2e928aad6173 Mon Sep 17 00:00:00 2001 From: MontrealSergiy Date: Thu, 3 Apr 2025 13:46:36 -0400 Subject: [PATCH 2/3] shorten code by using an alias replace & with unescaped ampersand in brain viewers --- userfiles/civet_output/views/_surface_viewer.html.erb | 8 ++++---- userfiles/mgh_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/minc_file/views/_minc_navigator.html.erb | 2 +- userfiles/minc_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/nifti_file/views/_volume_viewer_loader.html.erb | 2 +- userfiles/ply_file/views/_ply_viewer.html.erb | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/userfiles/civet_output/views/_surface_viewer.html.erb b/userfiles/civet_output/views/_surface_viewer.html.erb index f6e68634..083dca29 100644 
--- a/userfiles/civet_output/views/_surface_viewer.html.erb +++ b/userfiles/civet_output/views/_surface_viewer.html.erb @@ -329,12 +329,12 @@ //////////////////////////////////// viewer.loadModelFromURL( - "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + "<%= @userfile.surfaces_objs[0]%>", + "<%= raw j content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + "<%= @userfile.surfaces_objs[0]%>", { complete: function() { viewer.loadColorMapFromURL(color_maps[0].url); viewer.loadIntensityDataFromURL( - "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.overlays[0][1] %>", + "<%= raw j content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.overlays[0][1] %>", { name: "<%= @userfile.overlays[0][0] %>", complete: loadEnd @@ -472,7 +472,7 @@ viewer.clearScreen(); loadStart(); viewer.loadModelFromURL( - "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + $(event.target).val(), + "<%= raw j content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=<%= @userfile.name + "/" + @userfile.surfaces_dir %>/" + $(event.target).val(), { complete: loadEnd } @@ -484,7 +484,7 @@ var filename = $(event.target).val() var basename = filename.replace(/\\/g,'/').replace( /.*\//, '' ) viewer.loadIntensityDataFromURL( - "<%= raw escape_javascript content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=" + filename, + "<%= raw j content_userfile_path(@userfile) %>?content_loader=collection_file&arguments=" + filename, { name: basename, complete: loadEnd 
diff --git a/userfiles/mgh_file/views/_volume_viewer_loader.html.erb b/userfiles/mgh_file/views/_volume_viewer_loader.html.erb index 2f1e9006..e9e75623 100644 --- a/userfiles/mgh_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/mgh_file/views/_volume_viewer_loader.html.erb @@ -25,7 +25,7 @@ viewer.loadVolumes({ volumes: [ { type: "mgh", - url: "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :MghFile) %>", + url: "<%= raw j content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :MghFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/minc_file/views/_minc_navigator.html.erb b/userfiles/minc_file/views/_minc_navigator.html.erb index 24b69be9..863f5e41 100644 --- a/userfiles/minc_file/views/_minc_navigator.html.erb +++ b/userfiles/minc_file/views/_minc_navigator.html.erb @@ -41,7 +41,7 @@ with MINC2 files (which are HDF5-based). // Values obtained from Rails server side var link_id = "<%= link_id %>"; - var url = "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :minc_content) %>"; + var url = "<%= raw j content_userfile_path(@userfile, :content_loader => :minc_content) %>"; // Our main launch link. var start_link = $("#"+link_id); diff --git a/userfiles/minc_file/views/_volume_viewer_loader.html.erb b/userfiles/minc_file/views/_volume_viewer_loader.html.erb index 9f7381b6..2d6ead37 100644 --- a/userfiles/minc_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/minc_file/views/_volume_viewer_loader.html.erb 
@@ -25,7 +25,7 @@ viewer.loadVolumes({ { type: "minc", header_url: false, - raw_data_url: "<%= escape_javascript content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", + raw_data_url: "<%= j content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/nifti_file/views/_volume_viewer_loader.html.erb b/userfiles/nifti_file/views/_volume_viewer_loader.html.erb index 24b6e525..6d87df66 100644 --- a/userfiles/nifti_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/nifti_file/views/_volume_viewer_loader.html.erb @@ -25,7 +25,7 @@ viewer.loadVolumes({ volumes: [ { type: "nifti1", - nii_url: "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :NiftiFile) %>", + nii_url: "<%= raw j content_userfile_path(@userfile, :content_loader => :raw_content, :file_name => @userfile.name, :viewer_userfile_class => :NiftiFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display" diff --git a/userfiles/ply_file/views/_ply_viewer.html.erb b/userfiles/ply_file/views/_ply_viewer.html.erb index 47fa3dbc..2a6a8b97 100644 --- a/userfiles/ply_file/views/_ply_viewer.html.erb +++ b/userfiles/ply_file/views/_ply_viewer.html.erb @@ -31,7 +31,7 @@ It is not garanteed to work well. // Values obtained from Rails server side var link_id = "<%= link_id %>"; - var url = "<%= raw escape_javascript content_userfile_path(@userfile, :content_loader => :ply_content) %>"; + var url = "<%= raw j content_userfile_path(@userfile, :content_loader => :ply_content) %>"; // Our main launch link. var start_link = $("#"+link_id); 
From 5bac03295a8249cd330ee0c771a05aba18b957a2 Mon Sep 17 00:00:00 2001 From: MontrealSergiy Date: Thu, 3 Apr 2025 14:24:32 -0400 Subject: [PATCH 3/3] minc bugfix --- userfiles/minc_file/views/_volume_viewer_loader.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/userfiles/minc_file/views/_volume_viewer_loader.html.erb b/userfiles/minc_file/views/_volume_viewer_loader.html.erb index 2d6ead37..28422597 100644 --- a/userfiles/minc_file/views/_volume_viewer_loader.html.erb +++ b/userfiles/minc_file/views/_volume_viewer_loader.html.erb @@ -25,7 +25,7 @@ viewer.loadVolumes({ { type: "minc", header_url: false, - raw_data_url: "<%= j content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", + raw_data_url: "<%= raw j content_userfile_path(@userfile, :content_loader => :minc_content, :file_name => @userfile.name, :viewer_userfile_class => :MincFile) %>", template: { element_id: "volume-ui-template-<%= @userfile.id %>", viewer_insert_class: "volume-viewer-display"
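Review bot: The `raw j content_userfile_path(...)` pair is now written by hand in every viewer partial, and this follow-up exists only because one copy was missing `raw`; a single view helper that returns `raw(j(content_userfile_path(userfile, params)))` would keep the two calls from drifting apart again. Since `raw` switches off Rails' HTML escaping, it is also worth recording next to it why that is acceptable, for example `<%# raw is safe here only because j() escapes the value for a quoted JS string inside <script>; do not copy into an HTML attribute %>`. The `viewer.loadVolumes` call this line belongs to begins and ends outside the hunk.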