Refs #25706 - Removed inline JavaScript from OpenLayers template.

This allows setting a Content-Security-Policy HTTP header.
2021-11-30 06:35:15 +01:00 · 2021-11-30 06:35:15 +01:00 · 322a1a037d
parent 3ff7f6cf07
commit 322a1a037d
2 changed files with 8 additions and 1 deletions
--- a/django/contrib/gis/static/gis/js/OLMapWidget.js
+++ b/django/contrib/gis/static/gis/js/OLMapWidget.js
@ -107,6 +107,13 @@ ol.inherits(GeometryTypeControl, ol.control.Control);
        if (initial_value && !this.options.is_collection) {
            this.disableDrawing();
        }
+        const clearNode = document.getElementById(this.map.getTarget()).nextElementSibling;
+        if (clearNode.classList.contains('clear_features')) {
+            clearNode.querySelector('a').addEventListener('click', (ev) => {
+                ev.preventDefault();
+                self.clearFeatures();
+            });
+        }
        this.ready = true;
    }

--- a/django/contrib/gis/templates/gis/openlayers.html
+++ b/django/contrib/gis/templates/gis/openlayers.html
@ -9,7 +9,7 @@

 <div id="{{ id }}_div_map">
    <div id="{{ id }}_map"></div>
-    {% if not disabled %}<span class="clear_features"><a href="javascript:{{ module }}.clearFeatures()">{% translate "Delete all Features" %}</a></span>{% endif %}
+    {% if not disabled %}<span class="clear_features"><a href="">{% translate "Delete all Features" %}</a></span>{% endif %}
    {% if display_raw %}<p>{% translate "Debugging window (serialized value)" %}</p>{% endif %}
    <textarea id="{{ id }}" class="vSerializedField required" cols="150" rows="10" name="{{ name }}">{{ serialized }}</textarea>
    <script>