From 259ffbb037a050ae40c0c2ac9d1db3af7c8ad0ab Mon Sep 17 00:00:00 2001 From: Gijs Wassink Date: Thu, 22 Apr 2021 13:46:05 +0000 Subject: [PATCH] FCLT#66362: Accessibility score verbeteren svn path=/Website/trunk/; revision=51025 --- APPL/API/phonebook_js.asp | 2 +- APPL/BES/bes_edit_bestelling.asp | 2 +- APPL/BES/bes_fe_menu.asp | 2 +- APPL/BES/sel_items_tab.js | 4 ++-- APPL/CAD/LoadInsLegenda.asp | 2 +- APPL/CAD/LoadInsNew.asp | 2 +- APPL/CAD/cad_verify_report.js | 4 ++-- APPL/CAD/fullscreen.asp | 2 +- APPL/CHAT/Chatter.asp | 2 +- APPL/FAC/fac_header.inc | 2 +- APPL/FAC/fac_report.asp | 2 +- APPL/FAC/fac_user_info.asp | 2 +- APPL/FAC/fac_user_info_phone.asp | 2 +- APPL/INS/ins_edit_deel.asp | 4 ++-- APPL/MLD/opdr_plan.inc | 4 ++-- APPL/PDA/iface.inc | 8 ++++---- APPL/PDA/user_info.asp | 2 +- APPL/PRS/prs_edit_perslid.asp | 2 +- APPL/PRS/prs_phonebook_list.asp | 2 +- APPL/PRS/prs_show_perslid.asp | 2 +- APPL/RES/res_cat.inc | 2 +- APPL/RES/res_plan_obj.inc | 2 +- APPL/RES/res_plan_room.inc | 2 +- 23 files changed, 30 insertions(+), 30 deletions(-) diff --git a/APPL/API/phonebook_js.asp b/APPL/API/phonebook_js.asp index 1aba745fe5..3827e9b83d 100644 --- a/APPL/API/phonebook_js.asp +++ b/APPL/API/phonebook_js.asp @@ -127,7 +127,7 @@ function L(p_lcl) var trs = ""; if (window.facilitor.phonebook_options.toonFoto && data.photopath) { - trs += "<%=L("lcl_menu_prs_phonebook")%>"; + trs += "<%=safe.htmlattr(L("lcl_menu_prs_phonebook"))%>"; } var fld; for (fld in window.facilitor.phonebook_options.fields) diff --git a/APPL/BES/bes_edit_bestelling.asp b/APPL/BES/bes_edit_bestelling.asp index 9f1b13b194..e4e136ec7b 100644 --- a/APPL/BES/bes_edit_bestelling.asp +++ b/APPL/BES/bes_edit_bestelling.asp @@ -990,7 +990,7 @@ else // nieuwe bestelling. Defaults bepalen src="../Pictures/no_photo.gif" id="photo" onload="FcltMgr.resized()" - alt="<%=L("lcl_res_article")%>" + alt="<%=safe.htmlattr(L("lcl_res_article"))%>" onClick=""> 
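Review bot: In the phonebook_js.asp hunk the new `<%=safe.htmlattr(L("lcl_menu_prs_phonebook"))%>` is emitted inside a double-quoted JavaScript string literal (`trs += "..."`), so the label passes through two contexts and only the HTML-attribute one is encoded here. Whether safe.htmlattr also neutralises backslashes and line breaks is not visible in this diff; if it does not, a translation containing either would break the script or alter the string. The fac_report.asp hunk has the same pattern, with the literal assigned to `innerHTML`. I would wrap the value in the project's JavaScript-string encoder if one exists, or else add a comment on both lines such as `// label is attribute-encoded only; locale strings must not contain backslashes or newlines`. The enclosing function starts and ends outside the hunk.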
diff --git a/APPL/BES/bes_fe_menu.asp b/APPL/BES/bes_fe_menu.asp index 296e797b4a..b0c848add9 100644 --- a/APPL/BES/bes_fe_menu.asp +++ b/APPL/BES/bes_fe_menu.asp @@ -166,7 +166,7 @@ while (!oRs.Eof) } else { - %> <%=L("lcl_bes_bestelling")%> <% + %> <%=safe.htmlattr(L("lcl_bes_bestelling"))%> <% } } else diff --git a/APPL/BES/sel_items_tab.js b/APPL/BES/sel_items_tab.js index 5f1481faeb..6b85dcce51 100644 --- a/APPL/BES/sel_items_tab.js +++ b/APPL/BES/sel_items_tab.js @@ -770,12 +770,12 @@ function showStaffelKortingResult( json) if (grenswaardetot == "null") { // Als er geen grenswaarde tot is dan "Korting boven €500,00 ....." var textstring = (opdrachtkortingbedrag > 0? L("lcl_bes_st_discount_above") : L("lcl_bes_st_excharge_above")) + num2curr(grenswaardevanaf) + ": " + opdrachtkorting + "%" - + " " + (opdrachtkortingbedrag > 0? L("lcl_bes_st_discount_above") : L("lcl_bes_st_excharge_above")) + ""; + + " " + (opdrachtkortingbedrag > 0? safe.htmlattr(L("lcl_bes_st_discount_above")) : safe.htmlattr(L("lcl_bes_st_excharge_above"))) + ""; } else { // Als er een grenswaarde tot is dan "Korting tot €1000,00 ....." var textstring = (opdrachtkortingbedrag > 0? L("lcl_bes_st_discount_under") : L("lcl_bes_st_excharge_under")) + num2curr(grenswaardetot) + ": " + opdrachtkorting + "%" - + " " + (opdrachtkortingbedrag > 0? L("lcl_bes_st_discount_under") : L("lcl_bes_st_excharge_under")) + ""; + + " " + (opdrachtkortingbedrag > 0? safe.htmlattr(L("lcl_bes_st_discount_under")) : safe.htmlattr(L("lcl_bes_st_excharge_under"))) + ""; } tabeltext += getTrText(textstring, "", "", addColor(num2curr(opdrachtkortingbedrag * -1)), num2curr(opdrachtkortingbedrag), "okb"); } diff --git a/APPL/CAD/LoadInsLegenda.asp b/APPL/CAD/LoadInsLegenda.asp index 279cfee966..af146875ae 100644 --- a/APPL/CAD/LoadInsLegenda.asp +++ b/APPL/CAD/LoadInsLegenda.asp 
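Review bot: `safe.htmlattr(...)` is now called from plain script code in sel_items_tab.js rather than from a server-side `<%= %>` expression, and nothing in this hunk shows that a `safe` object is defined where showStaffelKortingResult runs. If this file is delivered to the browser, both branches would throw a ReferenceError when this path executes, so please confirm `safe` is available there; the Chatter.asp hunk raises the same question. Separately, each branch evaluates the same label ternary twice; hoisting it, e.g. `var lbl = opdrachtkortingbedrag > 0 ? L("lcl_bes_st_discount_above") : L("lcl_bes_st_excharge_above");`, keeps the visible text and the alt text from drifting apart. showStaffelKortingResult starts and ends outside the hunk.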
@@ -98,7 +98,7 @@ var lastDisc = -1; // Tussen/title regeltjes <% } %> - <%=L(" class="legins" style="width:24px;height:24px;border:1px solid black;" src="mysymbol.asp?paperColor=0&sizeX=24&sizeY=24&srtdeel=<%=oRs("ins_srtdeel_key").value%>"> + <%=safe.htmlattr(L(" class="legins" style="width:24px;height:24px;border:1px solid black;" src="mysymbol.asp?paperColor=0&sizeX=24&sizeY=24&srtdeel=<%=oRs("ins_srtdeel_key").value%>"> "> <%=oRs("ins_srtdeel_omschrijving").value + " (" + oRs("aantal").value + "x)"%> diff --git a/APPL/CAD/LoadInsNew.asp b/APPL/CAD/LoadInsNew.asp index f983c95856..d420cabcb6 100644 --- a/APPL/CAD/LoadInsNew.asp +++ b/APPL/CAD/LoadInsNew.asp @@ -56,7 +56,7 @@ var lastDisc = -1; // Tussen/title regeltjes } %> - <%=L(" + <%=safe.htmlattr(L(" src="mysymbol.asp?paperColor=0&sizeX=24&sizeY=24&srtdeel=<%=oRs("ins_srtdeel_key").value%>" onmousedown='(function(evt){evt.preventDefault && evt.preventDefault()})(event)'> diff --git a/APPL/CAD/cad_verify_report.js b/APPL/CAD/cad_verify_report.js index 1783498936..0be7bab0fc 100644 --- a/APPL/CAD/cad_verify_report.js +++ b/APPL/CAD/cad_verify_report.js @@ -244,7 +244,7 @@ function stream2base64(str) return b64text; } Response.Write("

Original drawing

"); -Response.Write("" + L("lcl_prj_tekeningen") + "".format(stream2base64(xc.GetAsPNG()))); +Response.Write("" + safe.htmlattr(L("lcl_prj_tekeningen")) + "".format(stream2base64(xc.GetAsPNG()))); Response.Write("

Processed drawing (recognized rooms only)

"); @@ -275,7 +275,7 @@ xc2.Maximize=true; xc2.PaperColor=(0); //' Anders zien we de label zo slecht... xc2.PaperColor = 0xFFFFFF; xc2.SetDimensions(800,600, 0, 0, 1); -Response.Write("" + L("lcl_prj_tekeningen") + "".format(stream2base64(xc2.GetAsPNG()))); +Response.Write("" + safe.htmlattr(L("lcl_prj_tekeningen")) + "".format(stream2base64(xc2.GetAsPNG()))); fso.DeleteFile(tempW2D); Response.Write("

Detected {0} layers

".format(xc.layercount)); diff --git a/APPL/CAD/fullscreen.asp b/APPL/CAD/fullscreen.asp index 7641fb9527..623dd9c99f 100644 --- a/APPL/CAD/fullscreen.asp +++ b/APPL/CAD/fullscreen.asp @@ -69,7 +69,7 @@ function init() -
<%=L(" src="<%=custpath%>/<%=S("fac_logo_file")%>">
+
<%=safe.htmlattr(L(" src="<%=custpath%>/<%=S("fac_logo_file")%>">
diff --git a/APPL/CHAT/Chatter.asp b/APPL/CHAT/Chatter.asp index 4cd3dff0df..14604d03e3 100644 --- a/APPL/CHAT/Chatter.asp +++ b/APPL/CHAT/Chatter.asp @@ -71,7 +71,7 @@ } else { - return userphotoResult.format(onclick, '' + L('); + return userphotoResult.format(onclick, '' + safe.htmlattr(L('); } } diff --git a/APPL/FAC/fac_header.inc b/APPL/FAC/fac_header.inc index ceadc15219..229ba81e53 100644 --- a/APPL/FAC/fac_header.inc +++ b/APPL/FAC/fac_header.inc @@ -101,7 +101,7 @@ function avatar() } else { - Response.write("
" + L("fac_profiel") + " " + L("lcl_photos") + "
"); + Response.write("
" + safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos")) + "
"); } } diff --git a/APPL/FAC/fac_report.asp b/APPL/FAC/fac_report.asp index 7502dd1676..ed264a769c 100644 --- a/APPL/FAC/fac_report.asp +++ b/APPL/FAC/fac_report.asp @@ -920,7 +920,7 @@ function fac_usrrap_list_graph (model, scf_params) { $("#myGraph").find("table.jqplot-table-legend").remove(); var imgData = $("#myGraph").jqplotToImageStr({}); - document.getElementById("myGraph").innerHTML = "<%=L("lcl_menu_fac_graphs")%>"; + document.getElementById("myGraph").innerHTML = "<%=safe.htmlattr(L("lcl_menu_fac_graphs"))%>"; $("#toImgButton").hide(); //untested FcltMgr.alert(L("lcl_viewimagealert")); } diff --git a/APPL/FAC/fac_user_info.asp b/APPL/FAC/fac_user_info.asp index 3cedafa7f0..81e2ff1b08 100644 --- a/APPL/FAC/fac_user_info.asp +++ b/APPL/FAC/fac_user_info.asp @@ -237,7 +237,7 @@ prs.checkAutorisation(prs_key); BLOCK_START("prsNaw", L("lcl_prs_basisblok"), {buttons: btns, icon: "fa-address-card"}); Response.write(""); - Response.write("" + L("fac_profiel") + " " + L("lcl_photos") + "" + safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos")) + "" + ((S("prs_use_edit_photo") && canChange) ? "" + I("fa-pencil-alt") + "" : "") + ""); diff --git a/APPL/FAC/fac_user_info_phone.asp b/APPL/FAC/fac_user_info_phone.asp index 351bead921..42cb4b6ab7 100644 --- a/APPL/FAC/fac_user_info_phone.asp +++ b/APPL/FAC/fac_user_info_phone.asp @@ -97,7 +97,7 @@ IFRAMER_HEADER("Facilitor Vinder", buttons); { %><%=I("fa-pencil-alt")%><% } - Response.write("" + ("fac_profiel") + " " + L("lcl_photos") + ""); + Response.write("" + safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos")) + ""); ROFIELDTR("fld", L("lcl_prs_person_email"), thisUser.prs_perslid_email, { suppressEmpty: true, type: "email" }); ROFIELDTR("fld", L("lcl_prs_person_dept_name"), thisUser.prs_afdeling_naam); diff --git a/APPL/INS/ins_edit_deel.asp b/APPL/INS/ins_edit_deel.asp index 94be9dd710..09b1b869e7 100644 --- a/APPL/INS/ins_edit_deel.asp +++ b/APPL/INS/ins_edit_deel.asp 
@@ -773,13 +773,13 @@ var ins_deel_aantal = 1; if (fso.FileExists(Server.MapPath(imageFile))) { %>
- <%=L(" src="<%=safe.htmlattr(imageFile)%>"> + <%=safe.htmlattr(L(" src="<%=safe.htmlattr(imageFile)%>"> <% } } else { %> diff --git a/APPL/MLD/opdr_plan.inc b/APPL/MLD/opdr_plan.inc index 088bbcf041..fb2280a888 100644 --- a/APPL/MLD/opdr_plan.inc +++ b/APPL/MLD/opdr_plan.inc @@ -691,7 +691,7 @@ function opdr_plan(params) { // Toegewezen. var thisUser = new Perslid(prs_key); // geeft ook handige informatie %> - <%=L("fac_profiel") + " " + L("lcl_photos")%> + <%=safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos"))%> <%=safe.html(uitv_naam)%>
<%=safe.html(behandelaar)%>
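Review bot: The alt text here is built as `safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos"))`, and the identical expression is repeated in the second opdr_plan.inc hunk and in the fac_header.inc, fac_user_info.asp, fac_user_info_phone.asp, prs_edit_perslid.asp and prs_show_perslid.asp hunks. Encoding the joined string once, `safe.htmlattr(L("fac_profiel") + " " + L("lcl_photos"))`, is shorter and keeps the encoder at the output boundary. With seven call sites sharing it, a single helper or a dedicated locale key for the profile-photo alt text would also avoid gluing two labels together in a fixed word order. opdr_plan's body continues outside the hunk.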
@@ -705,7 +705,7 @@ function opdr_plan(params) break; case "PI": var thisUser = new Perslid(uitv_key); // geeft ook handige informatie %> - <%=L("fac_profiel") + " " + L("lcl_photos")%> + <%=safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos"))%> <%=safe.html(thisUser.naam())%> diff --git a/APPL/PDA/iface.inc b/APPL/PDA/iface.inc index 9e3d2e3b2d..a325616fd7 100644 --- a/APPL/PDA/iface.inc +++ b/APPL/PDA/iface.inc @@ -126,7 +126,7 @@ function FOOTER(params) if (params.thisuser) { %> - <%=L(" id="photo" src="<%=safe.htmlattr(params.thisuser.photopaththumb)%>" class="footerphoto"> + <%=safe.htmlattr(L(" id="photo" src="<%=safe.htmlattr(params.thisuser.photopaththumb)%>" class="footerphoto"> <% } %>
<% @@ -457,7 +457,7 @@ function CATLIST_ARTIKEL(p_cat_id, params) var vlabel = ""; %>
  • - <%=L(" src="<%=params.image%>"/> + <%=safe.htmlattr(L(" src="<%=params.image%>"/>

    <%=safe.html(params.omschrijving)%>
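Review bot: In both CATLIST_ARTIKEL hunks the alt text is now attribute-encoded, but `src="<%=params.image%>"` on the same new line is still written raw, while the FOOTER hunk in this file already encodes its image path with `safe.htmlattr(params.thisuser.photopaththumb)`. Where params.image comes from is not visible here; if it can carry catalogue data, a quote in the value would close the attribute early. I would make the line consistent with FOOTER: `src="<%=safe.htmlattr(params.image)%>"`. CATLIST_ARTIKEL's body continues outside both hunks.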

    @@ -478,7 +478,7 @@ function CATLIST_ARTIKEL(p_cat_id, params) { // toevoegen/wijzigen catering %>
  • - <%=L(" src="<%=params.image%>"> + <%=safe.htmlattr(L(" src="<%=params.image%>">

    <%=safe.html(params.omschrijving)%>

    @@ -527,7 +527,7 @@ function I(icon, params) else { // an image - return "" + L("mgt_kenmerk_icon") + "".format(rooturl, icon); + return "" + safe.htmlattr(L("mgt_kenmerk_icon")) + "".format(rooturl, icon); } } } diff --git a/APPL/PDA/user_info.asp b/APPL/PDA/user_info.asp index 1d058c7c77..d494a9c845 100644 --- a/APPL/PDA/user_info.asp +++ b/APPL/PDA/user_info.asp @@ -150,7 +150,7 @@ var photoMap = thisUser.photomap; // map waarin de foto wordt opgeslagen
    - <%=L(" class="selfie" src="<%=safe.htmlattr(photoFile) %>" + <%=safe.htmlattr(L(" class="selfie" src="<%=safe.htmlattr(photoFile) %>" <% if (S("prs_use_edit_photo") && canChange) diff --git a/APPL/PRS/prs_edit_perslid.asp b/APPL/PRS/prs_edit_perslid.asp index 42ef8629f7..11a7e4cab9 100644 --- a/APPL/PRS/prs_edit_perslid.asp +++ b/APPL/PRS/prs_edit_perslid.asp @@ -223,7 +223,7 @@ BLOCK_START("prsPerslid", L("lcl_prs_basisblok"), {buttons: btns, icon: "fa-id-c if (prs_key > 0) // Fotoblokje alleen bij bestaande records { Response.write(""); - Response.write("" + L("fac_profiel") + " " + L("lcl_photos") + "" + (prsauthparams.writeuse ? "" + I("fa-pencil-alt") + "" : "") + ""); + Response.write("" + safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos")) + "" + (prsauthparams.writeuse ? "" + I("fa-pencil-alt") + "" : "") + ""); } manRWFIELD("prs_naam", "fld", L("lcl_prs_person_name"), prs_naam, {required: true, maxlength: 60}); var sql = "SELECT 0, "+safe.quoted_sql(L("lcl_prs_person_geslachtV"))+" FROM DUAL UNION ALL" diff --git a/APPL/PRS/prs_phonebook_list.asp b/APPL/PRS/prs_phonebook_list.asp index 4a211b85fc..1ff3924458 100644 --- a/APPL/PRS/prs_phonebook_list.asp +++ b/APPL/PRS/prs_phonebook_list.asp @@ -404,7 +404,7 @@ var met_foto = getQParam("pb_photo","off")=="on"; { // Photo link als we geen andere details mogen zien if ( oRs("fotopubliek").Value==S("prs_photo_kenmerk_showval")) if (outputmode == 0) - return "" + L("prs_kenmerk") + ""; + return "" + safe.htmlattr(L("prs_kenmerk")) + ""; else return "[P]"; // niet erg zinvol, maar alla else diff --git a/APPL/PRS/prs_show_perslid.asp b/APPL/PRS/prs_show_perslid.asp index 1a5d119904..18830deae2 100644 --- a/APPL/PRS/prs_show_perslid.asp +++ b/APPL/PRS/prs_show_perslid.asp 
@@ -270,7 +270,7 @@ var prs_user = new Perslid(prs_key); %> <% BLOCK_START("prsPerslid", L("lcl_prs_basisblok"), {icon: "fa-id-card-alt"}); - Response.write("" + L("fac_profiel") + " " + L("lcl_photos") + ""); + Response.write("" + safe.htmlattr(L("fac_profiel")) + " " + safe.htmlattr(L("lcl_photos")) + ""); ROFIELDTR("fld", L("lcl_prs_person_name"), prs_naam); ROFIELDTR("fld", L("lcl_prs_person_geslacht"), { 0: L("lcl_prs_person_geslachtV"), 1: L("lcl_prs_person_geslachtM") }[prs_geslacht] , {suppressEmpty: true}); diff --git a/APPL/RES/res_cat.inc b/APPL/RES/res_cat.inc index 16fbcc93bd..4ccc2622a6 100644 --- a/APPL/RES/res_cat.inc +++ b/APPL/RES/res_cat.inc @@ -262,7 +262,7 @@ function make_cat(discipline_key, rsv_ruimte_key, existing_only, res_artikel_key if (oRs("res_artikel_image").Value) { var image_url = S("res_image_path") + "artikel/" + oRs("res_artikel_image").Value; - safe_tooltip += "" + L("lcl_res_article") + "
    " + safe_tooltip += "" + safe.htmlattr(L("lcl_res_article")) + "
    " } // Over de opmerking doen we geen safe.html zodat HTML code gebruikt kan worden diff --git a/APPL/RES/res_plan_obj.inc b/APPL/RES/res_plan_obj.inc index 175cc3225d..cfe26de484 100644 --- a/APPL/RES/res_plan_obj.inc +++ b/APPL/RES/res_plan_obj.inc @@ -374,7 +374,7 @@ function make_plan_obj(disc_key, res_van, res_tot, params) var safe_tooltip = safe.html(res_deel_omschrijving); if (res_deel_image) { - safe_tooltip += "

    " + L("lcl_reservation") + "" + safe_tooltip += "

    " + safe.htmlattr(L("lcl_reservation")) + "" } if (res_deel_opm2) safe_tooltip += "
    " + safe.html(res_deel_opm2); diff --git a/APPL/RES/res_plan_room.inc b/APPL/RES/res_plan_room.inc index 874bae2244..139c1e9af5 100644 --- a/APPL/RES/res_plan_room.inc +++ b/APPL/RES/res_plan_room.inc @@ -500,7 +500,7 @@ __Log("start make_plan_room"); { if (!room.image_url) room.image_url = S("res_image_path") + room.image; - safe_tooltip += "

    " + L("lcl_room") + "" + safe_tooltip += "

    " + safe.htmlattr(L("lcl_room")) + "" } %>