fix(portal): account summary sort dropdown — drop inline JS for CSP safety

The inline 'onchange=\"window.location.href = this.value\"' attribute on the sort <select> is the only inline-JS handler in the project's QWeb templates. Under a strict Content-Security-Policy (script-src 'self') the handler silently fails, leaving the sort dropdown dead. Replace with a tiny vanilla-JS file (fp_portal_account_summary.js) that attaches the listener via class selector .o_fp_sort_select inside the Account Summary page. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 14:23:01 -04:00
parent 77b84ac11b
commit cdc47554ed
3 changed files with 27 additions and 2 deletions
--- a/fusion_plating/fusion_plating_portal/views/fp_portal_account_summary.xml
+++ b/fusion_plating/fusion_plating_portal/views/fp_portal_account_summary.xml
@@ -56,8 +56,7 @@
                                   style="max-width: 260px"/>
                            <button type="submit" class="o_fp_btn_secondary o_fp_btn_sm">Search</button>
                        </form>
-                        <select onchange="window.location.href = this.value"
-                                class="form-select form-select-sm" style="max-width: 200px">
+                        <select class="form-select form-select-sm o_fp_sort_select" style="max-width: 200px">
                            <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_desc&amp;search=' + search"
                                    t-att-selected="sort == 'date_desc'">Newest first</option>
                            <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_asc&amp;search=' + search"