Closed Bug 948894 Opened 12 years ago Closed 12 years ago

Move inline scripts and styles into separate file for mobile/android/chrome/content/aboutApps.xhtml (about:apps)

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Firefox 29

People

(Reporter: freddy, Assigned: freddy)

References

(Blocks 1 open bug)

Details

(Whiteboard: [mentor=fbraun@mozilla.com][lang=html][good first bug][lang=js])

Attachments

(1 file, 3 obsolete files)

putting inline JS into the existing aboutApps.js file (final)
5.26 KB, patch
Details | Diff | Splinter Review
With the current plan to harden the security of Firefox, we want to disallow internal privileged pages to use inline JavaScript. Since their amount is fairly limited, we start this by rewriting them bit by bit.
Trying to solve this one on my own, so future volunteers have a sample to look at. This patch should explain how to move things around. Lucas: Bugzilla suggested you review this, is this OK? (Haven't built or pushed to try yet)
Attachment #8346630 - Flags: review?(lucasr.at.mozilla)
Assignee: nobody → fbraun
Comment on attachment 8346630 [details] [diff] [review] putting inline JS into the existing aboutApps.js file >diff --git a/mobile/android/chrome/content/aboutApps.js b/mobile/android/chrome/content/aboutApps.js >+window.onload = function onWindowLoad() { >+ var body = document.querySelector("body") >+ body.onload = onLoad; >+ >+ var addToHomescreenLabel = document.querySelector("#addToHomescreenLabel") >+ addToHomescreenLabel.onclick = function() { ContextMenus.addToHomescreen(); } >+ >+ var uninstallLabel = document.querySelector("#uninstallLabel") >+ uninstallLabel.onclick = function() { ContextMenus.uninstall(); } >+ >+ var headerButton = document.querySelector("#header-button") >+ headerButton.onclick = function() { openLink(headerButton); } >+ >+ var listItem = document.querySelector("div.list-item"); >+ listItem.onclick = function() { openLink(listItem); } >+ >+} >\ No newline at end of file Some notes: * Don't use querySelector for elements with IDs * Use let instead of var * We prefer to use window.addEventListener("load", onLoad); You could add it after line 25 as a global * Same is true for the other events * The ContextMenus handlers should be added in ContextMenus.init() like this one: http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/aboutApps.js#44 Something like: document.getElementById("addToHomescreenLabel").addEventListener("click", ContextMenus.addToHomescreen); * Add a new line to the end of the file Lucas is on vacation, reassigning to Margaret
Attachment #8346630 - Flags: review?(margaret.leibovic)
Attachment #8346630 - Flags: feedback+
Thanks for the feedback, Mark. I've addressed your comments in this follow-up.
Attachment #8346630 - Attachment is obsolete: true
Attachment #8346630 - Flags: review?(margaret.leibovic)
Attachment #8346630 - Flags: review?(lucasr.at.mozilla)
Attachment #8347094 - Flags: review?(margaret.leibovic)
Comment on attachment 8347094 [details] [diff] [review] putting inline JS into the existing aboutApps.js file (rev. 2) Review of attachment 8347094 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for addressing Mark's comments! I have some more suggestions I'd like to see get addressed before we land this. ::: mobile/android/chrome/content/aboutApps.js @@ +22,5 @@ > .QueryInterface(Ci.nsIInterfaceRequestor) > .getInterface(Ci.nsIDOMWindow) > .QueryInterface(Ci.nsIDOMChromeWindow)); > > +window.addEventListener("load", onWindowLoad); Instead of listening for "load" on the window, we can just listen for "DOMContentLoaded" on the document (this will happen earlier). And as I mention down below, we can just call the existing onLoad function in here. @@ +44,5 @@ > > init: function() { > document.addEventListener("contextmenu", ContextMenus, false); > + document.getElementById("addToHomescreenLabel").addEventListener("click", ContextMenus.addToHomescreen); > + document.getElementById("uninstallLabel").addEventListener("click", ContextMenus.uninstall); Nit: Explicitly specify the third parameter as false in these addEventListener calls (same comment applies everywhere). You can also s/ContextMenus/this (and you can update the listener above to do the same thing). @@ +159,5 @@ > document.getElementById("main-container").classList.add("hidden"); > } > } > + > +function onWindowLoad() { Instead of creating this new onWindowLoad function, let's just use the current onLoad function, and we can add the new event listeners in there. @@ +164,5 @@ > + let body = document.querySelector("body") > + body.addEventListener("load", onLoad); > + let headerButton = document.getElementById("header-button") > + headerButton.addEventListener("click", function() { openLink(headerButton); }); > + let listItem = document.querySelector("div.list-item"); You should give this element an id, since I see there's only one element in the HTML that matches this. In fact, instead of doing these two different calls, we could use querySelectorAll to find all the elements with a "pref" attribute, then add listeners to them (since that's what we're really doing here). What about something like this? Array.prototype.forEach.call(document.querySelectorAll("[pref]"), elt => elt.addEventListener("click", openLink, false)); @@ +165,5 @@ > + body.addEventListener("load", onLoad); > + let headerButton = document.getElementById("header-button") > + headerButton.addEventListener("click", function() { openLink(headerButton); }); > + let listItem = document.querySelector("div.list-item"); > + listItem.addEventListener("click", function() { openLink(listItem); }); Instead of wrapping a function around openLink like this, let's just update openLink to take an event as a parameter instead of an element, and then we can just get at that element with event.target. With that change you can just pass in openLink directly as the handler.
Attachment #8347094 - Flags: review?(margaret.leibovic) → review-
Thanks for the review! The Array.prototype.forEach-thing is a terrible read, but I have taken your suggestions in this third revision. Can you take another look?
Attachment #8347094 - Attachment is obsolete: true
Attachment #8348589 - Flags: review?(margaret.leibovic)
(In reply to Frederik Braun [:freddyb] from comment #5) > The Array.prototype.forEach-thing is a terrible read You can blame NodeLists for not being real arrays! :) I was having fun using some advanced JS features, but for a less tricky-looking implementation, you can also just use a regular for loop if you prefer that. let elmts = document.querySelectorAll("[prefs]"); for (let i = 0; i < elmts.length; i++) { elmts[i].addEventListener(...); }
Comment on attachment 8348589 [details] [diff] [review] 8347094: putting inline JS into the existing aboutApps.js file (rev. 3) Review of attachment 8348589 [details] [diff] [review]: ----------------------------------------------------------------- Looks good to me, thanks! Feel free to update the forEach bit before landing if you prefer the other approach I suggested. ::: mobile/android/chrome/content/aboutApps.js @@ +22,5 @@ > .QueryInterface(Ci.nsIInterfaceRequestor) > .getInterface(Ci.nsIDOMWindow) > .QueryInterface(Ci.nsIDOMChromeWindow)); > > +document.addEventListener("DOMContentLoaded", onLoad); Nit: Add false as the third parameter here. @@ +88,5 @@ > > + Array.prototype.forEach.call(document.querySelectorAll("[pref]"), > + elt => elt.addEventListener("click", > + openLink, > + false)); Nit: You could put these three parameters all on the same line, we usually favor long lines over extra lines with little content.
Attachment #8348589 - Flags: review?(margaret.leibovic) → review+
Thanks for the review, carrying it over for this follow-up that addresses your nits. Somebody should really spec Nodelists to be proper Arrays.. :)
Attachment #8348589 - Attachment is obsolete: true
https://hg.mozilla.org/integration/fx-team/rev/337c0ae0b790
Keywords: checkin-needed
Whiteboard: [mentor=fbraun@mozilla.com][lang=html][good first bug][lang=js] → [mentor=fbraun@mozilla.com][lang=html][good first bug][lang=js][fixed-in-fx-team]
Looks like there were some typos in the patch that landed. I pushed a fix: https://hg.mozilla.org/integration/fx-team/rev/ebfa7ef811a6
https://hg.mozilla.org/mozilla-central/rev/337c0ae0b790 https://hg.mozilla.org/mozilla-central/rev/ebfa7ef811a6
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [mentor=fbraun@mozilla.com][lang=html][good first bug][lang=js][fixed-in-fx-team] → [mentor=fbraun@mozilla.com][lang=html][good first bug][lang=js]
Target Milestone: --- → Firefox 29
(In reply to :Margaret Leibovic from comment #10) > Looks like there were some typos in the patch that landed. I pushed a fix: Ooops, thank you.
Depends on: 953048
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: