TT#120309 fix datatable escape html rendering

* in mRender (custom_renderers), "data" variable is
  a string, therefore data.escapeHtml could not be used
* add new function argument "opt", where it is a dedicated hash
  containing custom passable options, so it now looks as
  function(data, type, full, opt)
* adapted the existing code to include/use the new argument where
  applicable

Change-Id: I4957eece3b2d0f6359cbc8f36caf5a350d7bad95
(cherry picked from commit 87bdb69560)

lib/NGCP/Panel/Controller/Billing.pm

@@ -345,7 +345,7 @@ sub fees_list :Chained('base') :PathPart('fees') :CaptureArgs(0) {
         { name => 'source', search => 1, title => $c->loc('Source Pattern') },
         { name => 'destination', search => 1, title => $c->loc('Destination Pattern') },
         { name => 'match_mode', search => 0, title => $c->loc('Match Mode'),
-          custom_renderer => 'function ( data, type, full ) {'.
+          custom_renderer => 'function ( data, type, full, opt ) {'.
             'if(full.match_mode == "regex_longest_pattern"){return "' . $c->loc('Regular expression - longest pattern') . '";}'.
             'else if(full.match_mode == "regex_longest_match"){return "' . $c->loc('Regular expression - longest match') . '";}'.
             'else if(full.match_mode == "prefix"){return "' . $c->loc('Prefix string') . '";}'.

lib/NGCP/Panel/Controller/Customer.pm

@@ -51,7 +51,7 @@ sub list_customer :Chained('/') :PathPart('customer') :CaptureArgs(0) {
         { name => "contact.email", search => 1, title => $c->loc("Contact Email") },
         { name => "contact.firstname", search => 1, title => '' },
         { name => "contact.lastname", search => 1, title => $c->loc("Name"),
-            custom_renderer => 'function ( data, type, full ) { var sep = (full.contact_firstname && full.contact_lastname) ? " " : ""; return (full.contact_firstname || "") + sep + (full.contact_lastname || ""); }' },
+            custom_renderer => 'function ( data, type, full, opt ) { var sep = (full.contact_firstname && full.contact_lastname) ? " " : ""; return (full.contact_firstname || "") + sep + (full.contact_lastname || ""); }' },
         { name => "product.name", search => 1, title => $c->loc("Product") },
         { name => 'billing_profile_name', accessor => "billing_profile_name", search => 0, title => $c->loc('Billing Profile'),
           literal_sql => '""' },

lib/NGCP/Panel/Field/ProfileNetwork.pm

@@ -12,7 +12,7 @@ has_field 'profile_id' => (
     ajax_src => '/billing/ajax',
     table_titles => ['#', 'Reseller', 'Profile'],
     table_fields => ['id', 'reseller_name', 'name'],
-    custom_renderers => { name => 'function ( data, type, full ) { if(data.length > 13) data = data.substring(0,10) + \'...\'; return data; }'}
+    custom_renderers => { name => 'function ( data, type, full, opt ) { if(data.length > 13) data = data.substring(0,10) + \'...\'; return data; }'}
 );
 
 has_field 'network_id' => (
@@ -25,7 +25,7 @@ has_field 'network_id' => (
     ajax_src => '/network/ajax',
     table_titles => ['#', 'Reseller', 'Network'],
     table_fields => ['id', 'reseller_name', 'name'],
-    custom_renderers => { name => 'function ( data, type, full ) { if(data.length > 13) data = data.substring(0,10) + \'...\'; return data; }'}
+    custom_renderers => { name => 'function ( data, type, full, opt ) { if(data.length > 13) data = data.substring(0,10) + \'...\'; return data; }'}
 );
 
 no Moose;

lib/NGCP/Panel/Utils/Billing.pm

@@ -499,7 +499,7 @@ sub get_datatable_cols {
     my ($c) = @_;
     return (
         { name => "prepaid", "search" => 0, "title" => $c->loc("Prepaid"),
-          custom_renderer => 'function ( data, type, full ) { data.escapeHtml = false; return \'<input type="checkbox" disabled="disabled"\' + (full.prepaid == 1 ? \' checked="checked"\': \'\') + \'/>\'; }' },
+          custom_renderer => 'function ( data, type, full, opt ) { opt.escapeHtml = false; return \'<input type="checkbox" disabled="disabled"\' + (full.prepaid == 1 ? \' checked="checked"\': \'\') + \'/>\'; }' },
         { name => "contract_cnt", "search" => 0, "title" => $c->loc("Used (contracts)"), },
         { name => "package_cnt", "search" => 0, "title" => $c->loc("Used (packages)"), },
 

share/templates/helpers/datatables.tt

@@ -112,7 +112,7 @@ $(document).ready(function() {
                 "className": 'hidden',
                 "hidden": true,
                 [%END%]
-                "mRender": function ( data, type, full ) {
+                "mRender": function ( data, type, full, opt ) {
                     [% IF !helper.options.${f}.dont_skip_empty_data %]
                     if(data == null)
                       return '';
@@ -120,14 +120,17 @@ $(document).ready(function() {
                     if(data == null)
                       data = '';
                     [% END %]
+                    if (typeof opt !== 'object') {
+                        opt = {};
+                    }
+                    opt.escapeHtml = true; // always escape HTML by default
                     [% IF helper.custom_renderers.${f} -%]
-                        data.escapeHtml = true; //true by default;
                         var renderCustom = [% helper.custom_renderers.${f} -%];
                     [% ELSE -%]
-                        var renderCustom = function(data, type, full) { data.escapeHtml = true; return data; };
+                        var renderCustom = function(data, type, full, opt) { return data; };
                     [% END -%]
-                    var str = String(renderCustom(data, type, full));
+                    var str = String(renderCustom(data, type, full, opt));
-                    if (data.escapeHtml) {
+                    if (opt.escapeHtml) {
                         return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');//"
                     }
                     return str;
@@ -135,7 +138,7 @@ $(document).ready(function() {
                 "bSortable": [% IF helper.column_sortable_map.${f} %] true [% ELSE %] false [% END %]
             },
             [% END -%]
-            {   "mRender": function ( data, type, full ) {
+            {   "mRender": function ( data, type, full, opt ) {
                     var html = '' +
                     '<div class="sw_actions pull-right">';
                     [%

share/templates/helpers/datatables_field.tt

@@ -38,20 +38,20 @@ $(document).ready(function() {
                             [%IF table_titles.${index} %]
                         {
                            "mData": "[% f.replace('\.','_') %]",
-                           "mRender": function ( data, type, full ) {
+                           "mRender": function ( data, type, full, opt ) {
                                 if(data == null)
                                     return '';
                                 [% IF custom_renderers.${f} -%]
                                     var renderCustom = [% custom_renderers.${f} -%];
                                 [% ELSE -%]
-                                    var renderCustom = function(data, type, full) { return data; };
+                                    var renderCustom = function(data, type, full, opt) { return data; };
                                 [% END -%]
                                 return String(renderCustom(data, type, full)).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
                             }
                         },
                             [% END -%]
                         [% END -%]
-                        { "mRender": function ( data, type, full ) {
+                        { "mRender": function ( data, type, full, opt ) {
                                 return '<input type="checkbox" value="' + full.id + '"/>';
                             },
                           "mData": null,

share/templates/helpers/datatables_multifield.tt

@@ -53,19 +53,19 @@ $(document).ready(function() {
                         [% FOREACH f IN table_fields -%]
                         {
                            "mData": "[% f %]",
-                           "mRender": function ( data, type, full ) {
+                           "mRender": function ( data, type, full, opt ) {
                                 if(data == null)
                                     return '';
                                 [% IF custom_renderers.${f} -%]
                                     var renderCustom = [% custom_renderers.${f} -%];
                                 [% ELSE -%]
-                                    var renderCustom = function(data, type, full) { return data; };
+                                    var renderCustom = function(data, type, full, opt) { return data; };
                                 [% END -%]
                                 return String(renderCustom(data, type, full)).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
                             }
                         },
                         [% END -%]
-                        { "mRender": function ( data, type, full ) {
+                        { "mRender": function ( data, type, full, opt ) {
                                 return '<input type="checkbox" value="' + full.id + '"/>';
                             },
                           "mData": null,

share/templates/timeset/event_list.tt

@@ -10,7 +10,7 @@ var RRule;
 require(['rrule'], function (rrule) {
   RRule = rrule;
 });
-function toText(data, type, full) {
+function toText(data, type, full, opt) {
   var rrule_text = '';
   var dtstart, dtend, freq;
   var dtstart_obj;
@@ -249,7 +249,7 @@ $( document ).ready(function() {
     helper.form_object = form;
     helper.ajax_uri = c.uri_for_action( "/timeset/event_ajax", [c.req.captures.0] );
     helper.custom_renderers => {
-      ical => 'function ( data, type, full ) { return toText(data, type, full); }'
+      ical => 'function ( data, type, full, opt ) { return toText(data, type, full, opt); }'
     };
 
     UNLESS c.user.read_only;