Escaped JSON to pass to client using UiUtils#escapeJs

openmrs · Jul 31, 2015 · c8ca635 · c8ca635
1 parent 8e65aa7
commit c8ca635
Show file tree

Hide file tree

Showing 10 changed files with 67 additions and 97 deletions.
diff --git a/api/src/main/java/org/openmrs/module/chartsearch/ChartSearchCache.java b/api/src/main/java/org/openmrs/module/chartsearch/ChartSearchCache.java
@@ -153,7 +153,7 @@ && fetchRightMatchedPreferences().isEnableBookmarks()) {
 
 				json.put("currentUuid", chartSearchService.getSearchBookmarkByUuid(bookmark.getUuid()).getUuid());
 			}
-			json.put("allBookmarks", GeneratingJson.getAllSearchBookmarksToReturnToUI(false));
+			json.put("allBookmarks", GeneratingJson.getAllSearchBookmarksToReturnToUI());
 
 			return json;
 		} else {
@@ -195,7 +195,7 @@ public JSONArray deleteSearchBookmark(String uuid) {
 
 		if (StringUtils.isNotBlank(uuid) && null != bookmark) {
 			chartSearchService.deleteSearchBookmark(bookmark);
-			return GeneratingJson.getAllSearchBookmarksToReturnToUI(false);
+			return GeneratingJson.getAllSearchBookmarksToReturnToUI();
 		} else
 			return null;
 	}
@@ -226,15 +226,15 @@ public JSONArray saveBookmarkProperties(String uuid, String bookmarkName, String
 
 			chartSearchService.saveSearchBookmark(bookmark);
 		}
-		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI(false);
+		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI();
 	}
 
 	public JSONArray deleteBookmarkInTheDialog(String uuid) {
 		ChartSearchBookmark bookmark = chartSearchService.getSearchBookmarkByUuid(uuid);
 		if (bookmark != null) {
 			chartSearchService.deleteSearchBookmark(bookmark);
 		}
-		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI(false);
+		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI();
 	}
 
 	public String fetchLastHistorySearchPhrase(Integer patientId) {
@@ -275,7 +275,7 @@ && fetchRightMatchedPreferences().isEnableNotes()) {
 			chartSearchService.saveSearchNote(note);
 
 			if (null != chartSearchService.getSearchNote(note.getNoteId())) {
-				GeneratingJson.addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, json, false);
+				GeneratingJson.addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, json);
 			} else {
 				json = null;
 			}
@@ -295,7 +295,7 @@ public JSONObject deleteSearchNote(String uuid, String searchPhrase, Integer pat
 			}
 		}
 
-		GeneratingJson.addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, json, false);
+		GeneratingJson.addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, json);
 
 		return json;
 	}
@@ -308,7 +308,7 @@ public JSONArray deleteHistoryOfSelectedUuids(String[] uuids) {
 				chartSearchService.deleteSearchHistory(history);
 			}
 		}
-		return GeneratingJson.getAllSearchHistoriesToSendToTheManageUI(false);
+		return GeneratingJson.getAllSearchHistoriesToSendToTheManageUI();
 	}
 
 	public JSONArray deleteBookmarkOfSelectedUuids(String[] uuids) {
@@ -319,7 +319,7 @@ public JSONArray deleteBookmarkOfSelectedUuids(String[] uuids) {
 				chartSearchService.deleteSearchBookmark(bookmark);
 			}
 		}
-		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI(false);
+		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI();
 	}
 
 	/**
@@ -390,10 +390,10 @@ public JSONArray setBookmarkAsDefaultSearch(String uuid) {
 				}
 			}
 		}
-		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI(false);
+		return GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI();
 	}
 
-	public JSONArray fetchAllNotesForManageUI(boolean wholePageIsToBeLoaded) {
+	public JSONArray fetchAllNotesForManageUI() {
 		JSONArray jsonArr = new JSONArray();
 		List<ChartSearchNote> allNotes = Lists.reverse(chartSearchService.getAllSearchNotes());//re-arrange to get the most recent/added first
 
@@ -406,7 +406,7 @@ public JSONArray fetchAllNotesForManageUI(boolean wholePageIsToBeLoaded) {
 				json.put("formatedCreatedOrLastModifiedAt", Context.getDateFormat()
 				        .format(note.getCreatedOrLastModifiedAt()));
 
-				GeneratingJson.addPhraseAndCommentNotesAttributes(wholePageIsToBeLoaded, note, json);
+				GeneratingJson.addPhraseAndCommentNotesAttributes(note, json);
 
 				json.put("patientId", note.getPatient().getPatientId());
 				json.put("patientFName", note.getPatient().getFamilyName());
@@ -427,7 +427,7 @@ public JSONArray deleteSelectedNotes(String[] uuids) {
 				}
 			}
 		}
-		return fetchAllNotesForManageUI(false);
+		return fetchAllNotesForManageUI();
 	}
 
 	public JSONArray saveEdittedNote(String uuid, String comment, String priority) {
@@ -441,7 +441,7 @@ public JSONArray saveEdittedNote(String uuid, String comment, String priority) {
 
 				chartSearchService.saveSearchNote(note);
 
-				return fetchAllNotesForManageUI(false);
+				return fetchAllNotesForManageUI();
 			}
 		} else
 			return null;

diff --git a/api/src/main/java/org/openmrs/module/chartsearch/GeneratingJson.java b/api/src/main/java/org/openmrs/module/chartsearch/GeneratingJson.java
@@ -54,7 +54,7 @@ public static ChartSearchService getChartSearchService() {
 
 	private ChartSearchCache cache = new ChartSearchCache();
 
-	public static String generateJson(boolean wholePageIsToBeLoaded) {
+	public static String generateJson() {
 
 		JSONObject jsonToReturn = new JSONObject();
 		List<ChartListItem> returnedResults = SearchAPI.getInstance().getResults();
@@ -89,8 +89,8 @@ public static String generateJson(boolean wholePageIsToBeLoaded) {
 		String[] searchSuggestions = getAllPossibleSuggestionsAsArray();
 		Integer patientId = SearchAPI.getInstance().getPatientId();
 
-		JSONArray history = getAllSearchHistoriesToSendToTheUI(wholePageIsToBeLoaded);
-		JSONArray bookmarks = getAllSearchBookmarksToReturnToUI(wholePageIsToBeLoaded);
+		JSONArray history = getAllSearchHistoriesToSendToTheUI();
+		JSONArray bookmarks = getAllSearchBookmarksToReturnToUI();
 		List<String> catNms = SearchAPI.getSelectedCategoryNames();
 		JSONArray allergies = generateAllergiesJSONFromResults(returnedResults);
 		JSONArray appointments = generateAppointmentsJSONFromResults(returnedResults);
@@ -106,16 +106,14 @@ public static String generateJson(boolean wholePageIsToBeLoaded) {
 		jsonToReturn.put("allLocations", getChartSearchService().getAllLocationsFromTheDB());
 		jsonToReturn.put("allProviders", getChartSearchService().getAllProvidersFromTheDB());
 
-		addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, jsonToReturn, wholePageIsToBeLoaded);
+		addBothPersonalAndGlobalNotesToJSON(searchPhrase, patientId, jsonToReturn);
 
 		return jsonToReturn.toString();
 	}
 
-	public static void addBothPersonalAndGlobalNotesToJSON(String searchPhrase, Integer patientId, JSONObject json,
-	                                                       boolean wholePageIsToBeLoaded) {
-		JSONArray allPersonalNotes = GeneratingJson.getAllPersonalNotesOnASearch(searchPhrase, patientId,
-		    wholePageIsToBeLoaded);
-		JSONArray allGlobalNotes = GeneratingJson.getAllGlobalNotesOnASearch(searchPhrase, patientId, wholePageIsToBeLoaded);
+	public static void addBothPersonalAndGlobalNotesToJSON(String searchPhrase, Integer patientId, JSONObject json) {
+		JSONArray allPersonalNotes = GeneratingJson.getAllPersonalNotesOnASearch(searchPhrase, patientId);
+		JSONArray allGlobalNotes = GeneratingJson.getAllGlobalNotesOnASearch(searchPhrase, patientId);
 		String userName = Context.getAuthenticatedUser().getUsername();
 		String systemId = Context.getAuthenticatedUser().getSystemId();
 
@@ -131,15 +129,15 @@ private static String[] getAllPossibleSuggestionsAsArray() {
 		return searchSuggestions;
 	}
 
-	public static JSONArray getAllSearchHistoriesToSendToTheUI(boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllSearchHistoriesToSendToTheUI() {
 		JSONArray histories = new JSONArray();
 		List<ChartSearchHistory> allHistory = chartSearchService.getAllSearchHistory();
 
 		for (ChartSearchHistory history : allHistory) {
 			JSONObject json = null;
 			if (Context.getAuthenticatedUser().getUserId().equals(history.getHistoryOwner().getUserId())
 			        && history.getPatient().getPatientId().equals(SearchAPI.getInstance().getPatientId())) {
-				json = generateHistoryJSON(wholePageIsToBeLoaded, history);
+				json = generateHistoryJSON(history);
 			}
 			if (null != json) {
 				histories.add(json);
@@ -149,14 +147,14 @@ public static JSONArray getAllSearchHistoriesToSendToTheUI(boolean wholePageIsTo
 		return histories;
 	}
 
-	public static JSONArray getAllSearchHistoriesToSendToTheManageUI(boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllSearchHistoriesToSendToTheManageUI() {
 		JSONArray histories = new JSONArray();
 		List<ChartSearchHistory> allHistory = chartSearchService.getAllSearchHistory();
 
 		for (ChartSearchHistory history : allHistory) {
 			JSONObject json = null;
 			if (Context.getAuthenticatedUser().getUserId().equals(history.getHistoryOwner().getUserId())) {
-				json = generateHistoryJSON(wholePageIsToBeLoaded, history);
+				json = generateHistoryJSON(history);
 			}
 			if (null != json) {
 				histories.add(json);
@@ -166,15 +164,10 @@ public static JSONArray getAllSearchHistoriesToSendToTheManageUI(boolean wholePa
 		return histories;
 	}
 
-	private static JSONObject generateHistoryJSON(boolean wholePageIsToBeLoaded, ChartSearchHistory history) {
+	private static JSONObject generateHistoryJSON(ChartSearchHistory history) {
 		JSONObject json;
 		json = new JSONObject();
-
-		if (wholePageIsToBeLoaded) {
-			json.put("searchPhrase", appendBackwardSlashBeforeMustBePassedCharacters(history.getSearchPhrase()));
-		} else {
-			json.put("searchPhrase", history.getSearchPhrase());
-		}
+		json.put("searchPhrase", history.getSearchPhrase());
 		json.put("lastSearchedAt", history.getLastSearchedAt().getTime());//passing timestamp from java to client js is a better practice
 		json.put("formattedLastSearchedAt", Context.getDateFormat().format(history.getLastSearchedAt()));
 		json.put("uuid", history.getUuid());
@@ -183,8 +176,7 @@ private static JSONObject generateHistoryJSON(boolean wholePageIsToBeLoaded, Cha
 		return json;
 	}
 
-	public static JSONArray getAllPersonalNotesOnASearch(String searchPhrase, Integer patientId,
-	                                                     boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllPersonalNotesOnASearch(String searchPhrase, Integer patientId) {
 		JSONArray jsonArr = new JSONArray();
 		List<ChartSearchNote> allNotes = chartSearchService.getAllSearchNotes();
 		List<ChartSearchNote> allPersonalNotes = new ArrayList<ChartSearchNote>();
@@ -208,7 +200,7 @@ public static JSONArray getAllPersonalNotesOnASearch(String searchPhrase, Intege
 				json.put("backgroundColor", note.getDisplayColor());
 				json.put("formatedCreatedOrLastModifiedAt", Context.getDateFormat()
 				        .format(note.getCreatedOrLastModifiedAt()));
-				addPhraseAndCommentNotesAttributes(wholePageIsToBeLoaded, note, json);
+				addPhraseAndCommentNotesAttributes(note, json);
 				json.put("noteOwner", null == userName ? systemId : userName);
 
 				jsonArr.add(json);
@@ -217,18 +209,12 @@ public static JSONArray getAllPersonalNotesOnASearch(String searchPhrase, Intege
 		return jsonArr;
 	}
 
-	public static void addPhraseAndCommentNotesAttributes(boolean wholePageIsToBeLoaded, ChartSearchNote note,
-	                                                      JSONObject json) {
-		if (wholePageIsToBeLoaded) {
-			json.put("comment", appendBackwardSlashBeforeMustBePassedCharacters(note.getComment()));
-			json.put("searchPhrase", appendBackwardSlashBeforeMustBePassedCharacters(note.getSearchPhrase()));
-		} else {
-			json.put("comment", note.getComment());
-			json.put("searchPhrase", note.getSearchPhrase());
-		}
+	public static void addPhraseAndCommentNotesAttributes(ChartSearchNote note, JSONObject json) {
+		json.put("comment", note.getComment());
+		json.put("searchPhrase", note.getSearchPhrase());
 	}
 
-	public static JSONArray getAllGlobalNotesOnASearch(String searchPhrase, Integer patientId, boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllGlobalNotesOnASearch(String searchPhrase, Integer patientId) {
 		JSONArray jsonArr = new JSONArray();
 		List<ChartSearchNote> allNotes = chartSearchService.getAllSearchNotes();
 		List<ChartSearchNote> allGlobalNotes = new ArrayList<ChartSearchNote>();
@@ -252,7 +238,7 @@ public static JSONArray getAllGlobalNotesOnASearch(String searchPhrase, Integer
 				        .format(note.getCreatedOrLastModifiedAt()));
 				json.put("backgroundColor", note.getDisplayColor());
 
-				addPhraseAndCommentNotesAttributes(wholePageIsToBeLoaded, note, json);
+				addPhraseAndCommentNotesAttributes(note, json);
 
 				json.put("noteOwner", null == userName ? systemId : userName);
 
@@ -262,7 +248,7 @@ public static JSONArray getAllGlobalNotesOnASearch(String searchPhrase, Integer
 		return jsonArr;
 	}
 
-	public static JSONArray getAllSearchBookmarksToReturnToUI(boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllSearchBookmarksToReturnToUI() {
 		JSONArray bookmarks = new JSONArray();
 		List<ChartSearchBookmark> allBookmarks = chartSearchService.getAllSearchBookmarks();
 
@@ -271,7 +257,7 @@ public static JSONArray getAllSearchBookmarksToReturnToUI(boolean wholePageIsToB
 
 			if (Context.getAuthenticatedUser().getUserId().equals(curBookmark.getBookmarkOwner().getUserId())
 			        && curBookmark.getPatient().getPatientId().equals(SearchAPI.getInstance().getPatientId())) {
-				json = generateBookmarksJSON(wholePageIsToBeLoaded, curBookmark);
+				json = generateBookmarksJSON(curBookmark);
 			}
 
 			if (null != json) {
@@ -281,15 +267,15 @@ public static JSONArray getAllSearchBookmarksToReturnToUI(boolean wholePageIsToB
 		return bookmarks;
 	}
 
-	public static JSONArray getAllSearchBookmarksToReturnTomanagerUI(boolean wholePageIsToBeLoaded) {
+	public static JSONArray getAllSearchBookmarksToReturnTomanagerUI() {
 		JSONArray bookmarks = new JSONArray();
 		List<ChartSearchBookmark> allBookmarks = chartSearchService.getAllSearchBookmarks();
 
 		for (ChartSearchBookmark curBookmark : allBookmarks) {
 			JSONObject json = null;
 
 			if (Context.getAuthenticatedUser().getUserId().equals(curBookmark.getBookmarkOwner().getUserId())) {
-				json = generateBookmarksJSON(wholePageIsToBeLoaded, curBookmark);
+				json = generateBookmarksJSON(curBookmark);
 			}
 
 			if (null != json) {
@@ -299,17 +285,12 @@ public static JSONArray getAllSearchBookmarksToReturnTomanagerUI(boolean wholePa
 		return bookmarks;
 	}
 
-	private static JSONObject generateBookmarksJSON(boolean wholePageIsToBeLoaded, ChartSearchBookmark curBookmark) {
+	private static JSONObject generateBookmarksJSON(ChartSearchBookmark curBookmark) {
 		JSONObject json;
 		json = new JSONObject();
 
-		if (wholePageIsToBeLoaded) {
-			json.put("bookmarkName", appendBackwardSlashBeforeMustBePassedCharacters(curBookmark.getBookmarkName()));
-			json.put("searchPhrase", appendBackwardSlashBeforeMustBePassedCharacters(curBookmark.getSearchPhrase()));
-		} else {
-			json.put("bookmarkName", curBookmark.getBookmarkName());
-			json.put("searchPhrase", curBookmark.getSearchPhrase());
-		}
+		json.put("bookmarkName", curBookmark.getBookmarkName());
+		json.put("searchPhrase", curBookmark.getSearchPhrase());
 		json.put("categories", curBookmark.getSelectedCategories());
 		json.put("uuid", curBookmark.getUuid());
 		json.put("patientId", curBookmark.getPatient().getPatientId());
@@ -706,16 +687,6 @@ public static JSONObject generateFacetsJson(Count facet) {
 		return counts;
 	}
 
-	private static String appendBackwardSlashBeforeMustBePassedCharacters(String str) {
-		if (str.contains("'")) {
-			//str = str.replace("'", "\\'");
-		}
-		if (str.contains("\"")) {
-			str = str.replace("\"", "\\\"");
-		}
-		return str;
-	}
-
 	private static JSONObject generatePreferencesJSON(ChartSearchPreference pref) {
 		JSONObject json = new JSONObject();
 		//ChartSearchPreference pref = chartSearchService.getRightMatchedPreferences();

diff --git a/api/src/main/java/org/openmrs/module/chartsearch/SearchAPI.java b/api/src/main/java/org/openmrs/module/chartsearch/SearchAPI.java
@@ -67,13 +67,12 @@ public void clearResults() {
 		SearchAPI.resultList.clear();
 	}
 
-	public List<ChartListItem> search(Integer patientId, SearchPhrase searchPhrase, List<String> selectedCategoryNames,
-	                                  boolean reloadWholePage) {
+	public List<ChartListItem> search(Integer patientId, SearchPhrase searchPhrase, List<String> selectedCategoryNames) {
 		SearchAPI.patientId = patientId;
 		List<String> categories = null;
 		ChartSearchCache cache = new ChartSearchCache();
 
-		if (reloadWholePage && cache.fetchRightMatchedPreferences().isEnableDefaultSearch()
+		if (cache.fetchRightMatchedPreferences().isEnableDefaultSearch()
 		        && (searchPhrase.getPhrase().equals(",") || searchPhrase.getPhrase().equals(""))) {
 			JSONObject defaultSearchProps = cache.returnDefaultSearchPhrase(searchPhrase.getPhrase(),
 			    SearchAPI.getPatientId());

diff --git a/...org/openmrs/module/chartsearch/fragment/controller/ManageBookmarksFragmentController.java b/...org/openmrs/module/chartsearch/fragment/controller/ManageBookmarksFragmentController.java
@@ -14,16 +14,17 @@
 
 import org.openmrs.module.chartsearch.ChartSearchCache;
 import org.openmrs.module.chartsearch.GeneratingJson;
+import org.openmrs.ui.framework.UiUtils;
 import org.openmrs.ui.framework.fragment.FragmentModel;
 import org.springframework.web.bind.annotation.RequestParam;
 
 public class ManageBookmarksFragmentController {
 
 	ChartSearchCache cache = new ChartSearchCache();
 
-	public void controller(FragmentModel fragmentModel) {
-		fragmentModel.addAttribute("allFoundBookmarks", GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI(true)
-		        .toString());
+	public void controller(FragmentModel fragmentModel, UiUtils ui) {
+		fragmentModel.addAttribute("allFoundBookmarks",
+		    ui.escapeJs(GeneratingJson.getAllSearchBookmarksToReturnTomanagerUI().toString()));
 	}
 
 	public JSONObject fetchBookmarkDetails(@RequestParam("uuid") String uuid) {

diff --git a/...a/org/openmrs/module/chartsearch/fragment/controller/ManageHistoryFragmentController.java b/...a/org/openmrs/module/chartsearch/fragment/controller/ManageHistoryFragmentController.java
@@ -13,16 +13,17 @@
 
 import org.openmrs.module.chartsearch.ChartSearchCache;
 import org.openmrs.module.chartsearch.GeneratingJson;
+import org.openmrs.ui.framework.UiUtils;
 import org.openmrs.ui.framework.fragment.FragmentModel;
 import org.springframework.web.bind.annotation.RequestParam;
 
 public class ManageHistoryFragmentController {
 
 	ChartSearchCache cache = new ChartSearchCache();
 
-	public void controller(FragmentModel fragmentModel) {
-		fragmentModel.addAttribute("allFoundHistory", GeneratingJson.getAllSearchHistoriesToSendToTheManageUI(true)
-		        .toString());
+	public void controller(FragmentModel fragmentModel, UiUtils ui) {
+		fragmentModel.addAttribute("allFoundHistory",
+		    ui.escapeJs(GeneratingJson.getAllSearchHistoriesToSendToTheManageUI().toString()));
 	}
 
 	public JSONArray deleteSelectedHistory(@RequestParam("selectedUuids[]") String[] uuids) {