Fix: Don't rely on SecureRenderer (@hostep feedback)
michielgerritsen committed Aug 15, 2024
1 parent cb445f2 commit f289083
Showing 4 changed files with 77 additions and 49 deletions.
26 changes: 16 additions & 10 deletions view/adminhtml/templates/form/mollie_paymentlink_javascript.phtml
Expand Up @@ -8,29 +8,29 @@ use Magento\Framework\View\Helper\SecureHtmlRenderer;

/** @var SecureHtmlRenderer $secureRenderer */

$scriptString = <<<SCRIPT
document.addEventListener('DOMContentLoaded', function () {
$scriptString = '
document.addEventListener(\'DOMContentLoaded\', function () {
const saveSelectedMethods = () => {
// Save the selected payment methods to local storage
var paymentMethods = document.getElementById('mollie_methods_paymentlink_methods');
var paymentMethods = document.getElementById(\'mollie_methods_paymentlink_methods\');
if (!paymentMethods) {
return;
}
paymentMethods.addEventListener('change', function () {
paymentMethods.addEventListener(\'change\', function () {
var selected = [];
for (var i = 0; i < paymentMethods.options.length; i++) {
if (paymentMethods.options[i].selected) {
selected.push(paymentMethods.options[i].value);
}
}
localStorage.setItem('mollie_paymentlink_methods', JSON.stringify(selected));
localStorage.setItem(\'mollie_paymentlink_methods\', JSON.stringify(selected));
});
};
const setSelectedMethods = () => {
var paymentMethods = document.getElementById('mollie_methods_paymentlink_methods');
const selectedMethods = JSON.parse(localStorage.getItem('mollie_paymentlink_methods'));
var paymentMethods = document.getElementById(\'mollie_methods_paymentlink_methods\');
const selectedMethods = JSON.parse(localStorage.getItem(\'mollie_paymentlink_methods\'));
if (!selectedMethods || !paymentMethods) {
return;
}
Expand All @@ -45,11 +45,17 @@ $scriptString = <<<SCRIPT
saveSelectedMethods();
setSelectedMethods();
document.getElementById('order-billing_method').addEventListener('DOMSubtreeModified', () => {
document.getElementById(\'order-billing_method\').addEventListener(\'DOMSubtreeModified\', () => {
saveSelectedMethods();
setSelectedMethods();
})
});
SCRIPT;
';

echo $secureRenderer->renderTag('script', [], $scriptString, false);
// @phpstan-ignore-next-line
if (isset($secureRenderer)) {
echo $secureRenderer->renderTag('script', [], $scriptString, false);
return;
}

echo '<script>' . $scriptString . '</script>';
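Review bot: The docblock above `$scriptString` still declares `$secureRenderer` as a non-nullable `SecureHtmlRenderer`, while the new tail of the template treats it as possibly undefined, which is why `// @phpstan-ignore-next-line` is needed. Declaring it as `/** @var SecureHtmlRenderer|null $secureRenderer */` would probably make the suppression unnecessary and tells the reader the variable is optional. The raw `echo '<script>' . $scriptString . '</script>';` fallback also deserves a comment such as `// Fallback when the template engine does not provide $secureRenderer; this tag carries no CSP nonce or hash.`, because on a store that enforces a Content Security Policy that branch would emit an inline script the policy does not cover. The same pattern is repeated in the other three templates of this commit.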
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ use Magento\Framework\View\Helper\SecureHtmlRenderer;
</div>

<?php
$scriptString = <<<SCRIPT
$scriptString = '
(() => {
let warningElement = document.querySelector('.mollie-manual-capture-warning');
let fields = Array.from(document.querySelectorAll('.qty-item'));
let warningElement = document.querySelector(\'.mollie-manual-capture-warning\');
let fields = Array.from(document.querySelectorAll(\'.qty-item\'));
fields.forEach(function (item) {
item.addEventListener('change', function (event) {
item.addEventListener(\'change\', function (event) {
checkFields();
});
});
Expand All @@ -31,11 +31,17 @@ $scriptString = <<<SCRIPT
return element.value != element.defaultValue;
})
warningElement.style.display = alteredFields.length ? 'block' : 'none';
warningElement.style.display = alteredFields.length ? \'block\' : \'none\';
}
checkFields();
})();
SCRIPT;
';

echo $secureRenderer->renderTag('script', [], $scriptString, false);
// @phpstan-ignore-next-line
if (isset($secureRenderer)) {
echo $secureRenderer->renderTag('script', [], $scriptString, false);
return;
}

echo '<script>' . $scriptString . '</script>';
38 changes: 23 additions & 15 deletions view/adminhtml/templates/system/config/button/apikey.phtml
Expand Up @@ -13,44 +13,52 @@ use Mollie\Payment\Block\Adminhtml\System\Config\Form\Apikey\Checker;
* @var SecureHtmlRenderer $secureRenderer
*/

$scriptString = <<<SCRIPT
$scriptString = '
require([
'jquery',
'prototype'
\'jquery\',
\'prototype\'
], function (jQuery) {
var resultSpan = jQuery('#result_apikey');
jQuery('#apikey_button').click(function () {
var resultSpan = jQuery(\'#result_apikey\');
jQuery(\'#apikey_button\').click(function () {
var params = {
"test_key": jQuery("#mollie_general_api_details_apikey_test").val(),
"live_key": jQuery("#mollie_general_api_details_apikey_live").val()
};
new Ajax.Request('{$block->getAjaxUrl()}', {
new Ajax.Request(\'' . $block->getAjaxUrl() . '\', {
parameters: params,
loaderArea: false,
asynchronous: true,
onCreate: function () {
resultSpan.find('.connecting').show();
resultSpan.find('.result').hide();
resultSpan.find(\'.connecting\').show();
resultSpan.find(\'.result\').hide();
},
onSuccess: function (response) {
resultSpan.find('.connecting').hide();
var resultText = '';
resultSpan.find(\'.connecting\').hide();
var resultText = \'\';
if (response.status > 200) {
resultText = response.statusText;
} else {
var json = response.responseJSON;
if (typeof json.msg != 'undefined') {
if (typeof json.msg != \'undefined\') {
resultText = json.msg;
}
}
resultSpan.find('.result').show();
resultSpan.find('.result').html(resultText);
resultSpan.find(\'.result\').show();
resultSpan.find(\'.result\').html(resultText);
}
});
});
});
SCRIPT;
';

echo $secureRenderer->renderTag('script', [], $scriptString, false);
// @phpstan-ignore-next-line
if (isset($secureRenderer)) {
echo $secureRenderer->renderTag('script', [], $scriptString, false);
}

// @phpstan-ignore-next-line
if (!isset($secureRenderer)) {
echo '<script>' . $scriptString . '</script>';
}

echo $block->getButtonHtml();
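Review bot: `$block->getAjaxUrl()` is concatenated unescaped into a single-quoted JavaScript string in `new Ajax.Request(\'' . $block->getAjaxUrl() . '\', {`, so a quote, backslash or `</script>` sequence in the returned value would end the literal or the script element early. The block's implementation is not visible here and the value is most likely a generated backend route, so this is hardening rather than a known injection. The line could read `new Ajax.Request(\'' . $block->escapeJs($block->getAjaxUrl()) . '\', {`. compatibility.phtml builds its request URL the same way.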
42 changes: 25 additions & 17 deletions view/adminhtml/templates/system/config/button/compatibility.phtml
Expand Up @@ -13,45 +13,53 @@ use Mollie\Payment\Block\Adminhtml\System\Config\Form\Compatibility\Checker;
* @var SecureHtmlRenderer $secureRenderer
*/

$scriptString = <<<SCRIPT
$scriptString = '
require([
'jquery',
'mage/translate',
'prototype',
\'jquery\',
\'mage/translate\',
\'prototype\',
], function (jQuery, \$t) {
var resultSpan = jQuery('#result_compatibility');
jQuery('#compatibility_button').click(function () {
var resultSpan = jQuery(\'#result_compatibility\');
jQuery(\'#compatibility_button\').click(function () {
var params = {};
new Ajax.Request('{$block->getAjaxUrl()}', {
new Ajax.Request(\'' . $block->getAjaxUrl() . '\', {
parameters: params,
loaderArea: false,
asynchronous: true,
onCreate: function () {
resultSpan.find('.connecting').show();
resultSpan.find('.result').hide();
resultSpan.find(\'.connecting\').show();
resultSpan.find(\'.result\').hide();
},
onSuccess: function (response) {
resultSpan.find('.connecting').hide();
var resultText = '';
resultSpan.find(\'.connecting\').hide();
var resultText = \'\';
if (response.status > 200) {
resultText = response.statusText;
} else {
var json = response.responseJSON;
if (typeof json.msg != 'undefined') {
if (typeof json.msg != \'undefined\') {
resultText = json.msg;
} else {
resultText = \$t('Invalid response received. This indicates an unknown problem.');
resultText = \$t(\'Invalid response received. This indicates an unknown problem.\');
}
}
resultSpan.find('.result').show();
resultSpan.find('.result').html(resultText);
resultSpan.find(\'.result\').show();
resultSpan.find(\'.result\').html(resultText);
}
});
});
});
SCRIPT;
';

echo $secureRenderer->renderTag('script', [], $scriptString, false);
// @phpstan-ignore-next-line
if (isset($secureRenderer)) {
echo $secureRenderer->renderTag('script', [], $scriptString, false);
}

// @phpstan-ignore-next-line
if (!isset($secureRenderer)) {
echo '<script>' . $scriptString . '</script>';
}

echo $block->getButtonHtml();
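Review bot: `resultSpan.find(\'.result\').html(resultText);` writes `json.msg` or `response.statusText` into the admin page as HTML, so any markup in the AJAX response is parsed rather than displayed. If the endpoint is meant to return formatted markup, a comment above the call should say so and the controller should escape any dynamic parts; otherwise `resultSpan.find(\'.result\').text(resultText);` is the safer sink. `response.responseJSON` can also be null for a non-JSON reply, in which case `json.msg` throws before the `$t(...)` fallback is reached; `if (json && typeof json.msg != \'undefined\') {` would cover that. apikey.phtml has the same `.html()` call and the same unguarded `json.msg`.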
