Changes for page 新しい学校ページを作成
Last modified by Super Admin on 2026/03/22 00:39
From version
26.1
edited by Super Admin
on 2026/03/10 22:25
Change comment:
There is no comment for this version
To version
28.1
edited by Super Admin
on 2026/03/12 17:54
Change comment:
There is no comment for this version
- Page properties
-
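--- a/Content
+++ b/Content
@@ -37,16 +37,6 @@
 #set($newObj = $newDoc.getObject('SeitokaiCode.SchoolClass', $objNum))
 $newObj.set('schoolCode', $schoolCode)
 $newObj.set('schoolName', $schoolName)
-## 現在の年度を初期値として設定(4月始まり)
-#set($now = $datetool.date)
-#set($currentYear = $datetool.format('yyyy', $now))
-#set($currentMonth = $mathtool.toInteger($datetool.format('MM', $now)))
-#if($currentMonth >= 4)
-#set($fiscalYear = $currentYear)
-#else
-#set($fiscalYear = $mathtool.sub($mathtool.toInteger($currentYear), 1).toString())
-#end
-$newObj.set('fiscalYear', $fiscalYear)
 $newDoc.saveWithProgrammingRights('学校ページを新規作成')
 ## 作成後にビューにリダイレクト
 $response.sendRedirect($xwiki.getURL($targetPage, 'view'))
@@ -118,6 +118,13 @@
 
 <script>
 (function() {
+// XSSエスケープ関数
+function escapeHtml(s) {
+var div = document.createElement('div');
+div.appendChild(document.createTextNode(s));
+return div.innerHTML;
+}
+
 // 学校マスターデータをJSON APIから取得
 var schools = [];
 var schoolsLoaded = false;
@@ -161,11 +161,11 @@
 var li = document.createElement('li');
 li.className = 'search-result-item';
 li.innerHTML =
-'<div class="search-result-name">' + s.name + '</div>' +
+'<div class="search-result-name">' + escapeHtml(s.name) + '</div>' +
 '<div class="search-result-info">' +
-s.pref + ' ' + s.city + ' ・ ' + s.type + '(' + s.est + ')' +
+escapeHtml(s.pref) + ' ' + escapeHtml(s.city) + ' ・ ' + escapeHtml(s.type) + '(' + escapeHtml(s.est) + ')' +
 '</div>' +
-'<div class="search-result-code">' + s.code + '</div>';
+'<div class="search-result-code">' + escapeHtml(s.code) + '</div>';
 li.onclick = function() { selectSchool(s); };
 resultsList.appendChild(li);
 });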
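Review bot: The `escapeHtml` helper added at the top of the `<script>` IIFE is only safe for element text, and nothing in the code says so: serialising a text node through `innerHTML` encodes `&`, `<` and `>` but leaves `"` and `'` untouched. Every call in the `li.innerHTML` assignment sits between tags, so the current use is covered, but a later reuse inside an attribute value would not be. I would extend the comment above the function to something like `// Escapes &, <, > for element text only; quotes are not encoded, so never use inside attribute values`. The enclosing callback and `selectSchool` lie outside the hunks, so whether other sinks render the same school fields unescaped cannot be checked from here.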