fix(portal): account summary sort dropdown — drop inline JS for CSP safety

The inline 'onchange=\"window.location.href = this.value\"' attribute on the sort <select> is the only inline-JS handler in the project's QWeb templates. Under a strict Content-Security-Policy (script-src 'self') the handler silently fails, leaving the sort dropdown dead. Replace with a tiny vanilla-JS file (fp_portal_account_summary.js) that attaches the listener via class selector .o_fp_sort_select inside the Account Summary page. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 14:23:01 -04:00
parent 77b84ac11b
commit cdc47554ed
3 changed files with 27 additions and 2 deletions
--- a/fusion_plating/fusion_plating_portal/manifest.py
+++ b/fusion_plating/fusion_plating_portal/manifest.py
@@ -83,6 +83,7 @@ Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
            'fusion_plating_portal/static/src/scss/fusion_plating_portal.scss',
            'fusion_plating_portal/static/src/js/fp_rfq_form.js',
            'fusion_plating_portal/static/src/js/fp_portal_sidebar.js',  # NEW — Task 5
+            'fusion_plating_portal/static/src/js/fp_portal_account_summary.js',  # NEW — Task 10 fix
        ],
    },
    'demo': [
--- a/fusion_plating/fusion_plating_portal/static/src/js/fp_portal_account_summary.js
+++ b/fusion_plating/fusion_plating_portal/static/src/js/fp_portal_account_summary.js
@@ -0,0 +1,25 @@
+/**
+ * Fusion Plating — Portal Account Summary
+ * Wires the sort dropdown change event to navigate to the option's value
+ * (which is a fully-formed /my/account_summary URL). Replaces an inline
+ * `onchange` attribute on the <select> so the template stays CSP-clean.
+ */
+(function () {
+    "use strict";
+
+    function init() {
+        document.querySelectorAll(".o_fp_account_summary select.o_fp_sort_select").forEach(function (sel) {
+            sel.addEventListener("change", function () {
+                if (sel.value) {
+                    window.location.href = sel.value;
+                }
+            });
+        });
+    }
+
+    if (document.readyState === "loading") {
+        document.addEventListener("DOMContentLoaded", init);
+    } else {
+        init();
+    }
+})();
--- a/fusion_plating/fusion_plating_portal/views/fp_portal_account_summary.xml
+++ b/fusion_plating/fusion_plating_portal/views/fp_portal_account_summary.xml
@@ -56,8 +56,7 @@
                                   style="max-width: 260px"/>
                            <button type="submit" class="o_fp_btn_secondary o_fp_btn_sm">Search</button>
                        </form>
-                        <select onchange="window.location.href = this.value"
-                                class="form-select form-select-sm" style="max-width: 200px">
+                        <select class="form-select form-select-sm o_fp_sort_select" style="max-width: 200px">
                            <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_desc&amp;search=' + search"
                                    t-att-selected="sort == 'date_desc'">Newest first</option>
                            <option t-att-value="'/my/account_summary?tab=' + active_tab + '&amp;filter_state=' + filter_state + '&amp;sort=date_asc&amp;search=' + search"