admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(portal): account summary sort dropdown — drop inline JS for CSP safety

Browse Source 
The inline 'onchange=\"window.location.href = this.value\"' attribute on
the sort <select> is the only inline-JS handler in the project's QWeb
templates. Under a strict Content-Security-Policy (script-src 'self')
the handler silently fails, leaving the sort dropdown dead. Replace
with a tiny vanilla-JS file (fp_portal_account_summary.js) that attaches
the listener via class selector .o_fp_sort_select inside the Account
Summary page.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
gsinghpal
2026-05-17 14:23:01 -04:00
parent 77b84ac11b
commit cdc47554ed
3 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
fusion_plating/fusion_plating_portal/__manifest__.py
View File

@@ -83,6 +83,7 @@ Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
'fusion_plating_portal/static/src/scss/fusion_plating_portal.scss', 'fusion_plating_portal/static/src/scss/fusion_plating_portal.scss',
'fusion_plating_portal/static/src/js/fp_rfq_form.js', 'fusion_plating_portal/static/src/js/fp_rfq_form.js',
'fusion_plating_portal/static/src/js/fp_portal_sidebar.js', # NEW — Task 5 'fusion_plating_portal/static/src/js/fp_portal_sidebar.js', # NEW — Task 5
'fusion_plating_portal/static/src/js/fp_portal_account_summary.js', # NEW — Task 10 fix
], ],
}, },
'demo': [ 'demo': [

25
fusion_plating/fusion_plating_portal/static/src/js/fp_portal_account_summary.js Normal file
View File

@@ -0,0 +1,25 @@
/**
* Fusion Plating — Portal Account Summary
* Wires the sort dropdown change event to navigate to the option's value
* (which is a fully-formed /my/account_summary URL). Replaces an inline
* `onchange` attribute on the <select> so the template stays CSP-clean.
*/
(function () {
"use strict";
function init() {
document.querySelectorAll(".o_fp_account_summary select.o_fp_sort_select").forEach(function (sel) {
sel.addEventListener("change", function () {
if (sel.value) {
window.location.href = sel.value;
}
});
});
}
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", init);
} else {
init();
}
})();

3
fusion_plating/fusion_plating_portal/views/fp_portal_account_summary.xml
View File

@@ -56,8 +56,7 @@
style="max-width: 260px"/> style="max-width: 260px"/>
<button type="submit" class="o_fp_btn_secondary o_fp_btn_sm">Search</button> <button type="submit" class="o_fp_btn_secondary o_fp_btn_sm">Search</button>
</form> </form>
<select onchange="window.location.href = this.value" <select class="form-select form-select-sm o_fp_sort_select" style="max-width: 200px">
class="form-select form-select-sm" style="max-width: 200px">
<option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_desc&amp;search=' + search" <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_desc&amp;search=' + search"
t-att-selected="sort == 'date_desc'">Newest first</option> t-att-selected="sort == 'date_desc'">Newest first</option>
<option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_asc&amp;search=' + search" <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_asc&amp;search=' + search"