Removal of several inline scripts

inc/display.php

@@ -307,10 +307,15 @@ function bidi_cleanup($data) {
 }
 
 function secure_link_confirm($text, $title, $confirm_message, $href) {
-	global $config;
+    $secure_url = htmlspecialchars('?/' . $href . '/' . make_secure_link_token($href), ENT_QUOTES, 'UTF-8');
+
+	$title = htmlentities($title);
+
+	$confirm_message = htmlentities($confirm_message);
 
-	return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
+	return "<a title='{$title}' data-href='{$secure_url}' href='?/{$href}' data-confirm='{$confirm_message}'>{$text}</a>";
 }
+
 function secure_link($href) {
 	return $href . '/' . make_secure_link_token($href);
 }
@@ -383,14 +388,19 @@ public function __construct($post, $root=null, $mod=false) {
 			markup($this->body);
 		}
 
-		if ($this->mod)
+		if ($this->mod) {
 			// Fix internal links
 			// Very complicated regex
-			$this->body = preg_replace(
-				'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
-				'<a $1href="?/$4',
-				$this->body
-			);
+	        $this->body = preg_replace(
+            	'/<a\s*((?:[a-zA-Z-]+="[^"]*"\s*)*)href="'
+            	. preg_quote($this->config['root'], '/')
+            	. '('
+            	. sprintf(preg_quote($this->config['board_path'], '/'), $this->config['board_regex'])
+            	. '([^"]+))"/u',
+            	'<a $1href="?$2"',
+            	$this->body
+        	);
+		}
 	}
 	public function link($pre = '', $page = false) {
 		global $config, $board;
@@ -438,14 +448,19 @@ public function __construct($post, $root = null, $mod = false, $hr = true) {
 			markup($this->body);
 		}
 
-		if ($this->mod)
+		if ($this->mod) {
 			// Fix internal links
 			// Very complicated regex
-			$this->body = preg_replace(
-				'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
-				'<a $1href="?/$4',
-				$this->body
-			);
+	        $this->body = preg_replace(
+            	'/<a\s*((?:[a-zA-Z-]+="[^"]*"\s*)*)href="'
+            	. preg_quote($this->config['root'], '/')
+            	. '('
+            	. sprintf(preg_quote($this->config['board_path'], '/'), $this->config['board_regex'])
+            	. '([^"]+))"/u',
+            	'<a $1href="?$2"',
+            	$this->body
+        	);
+		}
 	}
 	public function link($pre = '', $page = false) {
 		global $config, $board;

inc/functions.php

@@ -2113,11 +2113,19 @@ function markup(&$body, $track_cites = false, $op = false) {
 			}
 
 			if (isset($cited_posts[$cite])) {
-				$replacement = '<a onclick="highlightReply(\''.$cite.'\', event);" href="' .
-					$config['root'] . $board['dir'] . $config['dir']['res'] .
-					link_for(array('id' => $cite, 'thread' => $cited_posts[$cite])) . '#' . $cite . '">' .
-					'&gt;&gt;' . $cite .
-					'</a>';
+				$classAttribute = 'class="highlight-link"';
+				$dataCiteAttribute = 'data-cite="' . htmlspecialchars($cite, ENT_QUOTES, 'UTF-8') . '"';
+				$hrefValue = $config['root'] . $board['dir'] . $config['dir']['res'] 
+    						. link_for(['id' => $cite, 'thread' => $cited_posts[$cite]])
+							. '#' . $cite;
+				$linkText = '&gt;&gt;' . htmlspecialchars($cite, ENT_QUOTES, 'UTF-8');
+
+				$replacement = $matches[1][0] . '<a '
+    							. $classAttribute . ' '
+    							. $dataCiteAttribute . ' '
+    							. 'href="' . htmlspecialchars($hrefValue, ENT_QUOTES, 'UTF-8') . '">'
+    							. $linkText
+    							. '</a>';
 
 				$body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[3][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0]));
 				$skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[3][0]) - mb_strlen($matches[0][0]);
@@ -2209,13 +2217,23 @@ function markup(&$body, $track_cites = false, $op = false) {
 			if ($cite) {
 				if (isset($cited_posts[$_board][$cite])) {
 					$link = $cited_posts[$_board][$cite];
-
-					$replacement = '<a ' .
-						($_board == $board['uri'] ?
-							'onclick="highlightReply(\''.$cite.'\', event);" '
-						: '') . 'href="' . $link . '">' .
-						'&gt;&gt;&gt;/' . $_board . '/' . $cite .
-						'</a>';
+						$classAttribute = '';
+						if ($_board == $board['uri']) {
+    						$classAttribute = 'class="highlight-link" data-cite="' . htmlspecialchars($cite, ENT_QUOTES, 'UTF-8') . '"';
+						}
+
+						$hrefValue = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
+
+						$linkText = '&gt;&gt;&gt;/'
+									. htmlspecialchars($_board, ENT_QUOTES, 'UTF-8')
+									. '/' . htmlspecialchars($cite, ENT_QUOTES, 'UTF-8');
+
+						$replacement = $matches[1][0] 
+    						. '<a '
+							. $classAttribute 
+							. ' href="' . $hrefValue . '">'
+							. $linkText 
+							. '</a>';
 
 					$body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[4][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0]));
 					$skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[4][0]) - mb_strlen($matches[0][0]);

inc/template.php

@@ -144,8 +144,8 @@ public function getFunctions()
 			new Twig\TwigFunction('hiddenInputs', 'hiddenInputs'),
 			new Twig\TwigFunction('hiddenInputsHash', 'hiddenInputsHash'),
 			new Twig\TwigFunction('ratio', 'twig_ratio_function'),
-			new Twig\TwigFunction('secure_link_confirm', 'twig_secure_link_confirm'),
-			new Twig\TwigFunction('secure_link', 'twig_secure_link'),
+			new Twig\TwigFunction('secure_link_confirm', 'secure_link_confirm'),
+			new Twig\TwigFunction('secure_link', 'secure_link'),
 			new Twig\TwigFunction('link_for', 'link_for')
 		);
 	}
@@ -221,11 +221,3 @@ function twig_filename_truncate_filter($value, $length = 30, $separator = '…')
 function twig_ratio_function($w, $h) {
 	return fraction($w, $h, ':');
 }
-function twig_secure_link_confirm($text, $title, $confirm_message, $href) {
-	global $config;
-
-	return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
-}
-function twig_secure_link($href) {
-	return $href . '/' . make_secure_link_token($href);
-}

js/mod/mod-scripts.js

@@ -0,0 +1,18 @@
+function addSecureLinkListener() {
+    document.addEventListener('click', function(event) {
+        var link = event.target.closest('a[data-href]');
+        if (link) {
+            if (event.button === 1) return;
+
+            event.preventDefault();
+
+            var confirmMessage = link.getAttribute('data-confirm');
+            if (confirm(confirmMessage)) {
+                window.location.href = link.getAttribute('data-href');
+            }
+        }
+    });
+}
+document.addEventListener("DOMContentLoaded", function() {
+    addSecureLinkListener();
+});

js/show-backlinks.js

@@ -41,10 +41,10 @@ onReady(function() {
 
 			if ($mentioned.find('a.mentioned-' + reply_id).length != 0) {
 				return;
-			}
-
-			let link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
+
+			var $link = $('<a class="mentioned-' + reply_id + ' highlight-link" data-cite="' + reply_id + '" href="#' + reply_id + '">&gt;&gt;' +
 				reply_id + '</a>');
+
 			link.appendTo($mentioned)
 
 			if (window.init_hover) {

templates/generic_page.html

@@ -36,8 +36,5 @@ <h1>{{ board.url }} - {{ board.name }}</h1>
 	{% endfor %} {{ btn.next }}</div>
 	{{ boardlist.bottom }}
 	{% include 'footer.html' %}
-	<script type="text/javascript">{% verbatim %}
-		ready();
-	{% endverbatim %}</script>
 </body>
 </html>

templates/header.html

@@ -11,6 +11,9 @@
                         var inMod = {% if mod %}true{% else %}false{% endif %};
                         var modRoot="{{ config.root }}"+(inMod ? "mod.php?/" : "");
                 </script>
+                {% if mod %}
+                        <script type="text/javascript" src="js/mod/mod-scripts.js"></script>
+                {% endif %}
                 {% if not nojavascript %}
                         <script type="text/javascript" src="{{ config.url_javascript }}"></script>
                         {% if not config.additional_javascript_compile %}

templates/index.html

@@ -101,9 +101,5 @@ <h1>{{ board.url }} - {{ board.title|e }}</h1>
 	{{ config.ad.bottom }}
 
 	{% include 'footer.html' %}
-	<script type="text/javascript">{% verbatim %}
-		ready();
-	{% endverbatim %}</script>
-
 </body>
 </html>

templates/main.js

@@ -222,26 +222,23 @@ function getCookie(cookie_name) {
 	}
 }
 
-function highlightReply(id) {
-	if (typeof window.event != "undefined" && event.which == 2) {
-		// don't highlight on middle click
-		return true;
-	}
-
-	let divs = document.getElementsByTagName('div');
-	for (var i = 0; i < divs.length; i++)
-	{
-		if (divs[i].className.indexOf('post') != -1) {
-			divs[i].className = divs[i].className.replace(/highlighted/, '');
-		}
-	}
-	if (id) {
-		let post = document.getElementById('reply_' + id);
-		if (post) {
-			post.className += ' highlighted';
-		}
-		window.location.hash = id;
-	}
+function highlightReply(id, evt) {
+    if (evt && evt.button === 1) {
+        return true;
+    }
+
+    document.querySelectorAll('div.post').forEach(div => {
+        div.classList.remove('highlighted');
+    });
+
+    if (id) {
+        const post = document.getElementById(`reply_${id}`);
+        if (post) {
+            post.classList.add('highlighted');
+            window.location.hash = id;
+        }
+    }
+
 	return true;
 }
 
@@ -273,27 +270,27 @@ function doPost(form) {
 }
 
 function citeReply(id, with_link) {
-	let textarea = document.getElementById('body');
-	if (!textarea) {
-		return false;
-	}
+    var textarea = document.getElementById('body');
+
+    if (!textarea) return false;
+
+    var insertionText = '>>' + id + '\n';
+
+    if (document.selection) {
+        // IE
+        textarea.focus();
+        var sel = document.selection.createRange();
+        sel.text = insertionText;
+    } else if (textarea.selectionStart !== undefined) {
+        var start = textarea.selectionStart;
+        var end = textarea.selectionEnd;
+        textarea.value = textarea.value.substring(0, start) + insertionText + textarea.value.substring(end);
+
+        textarea.selectionStart = textarea.selectionEnd = start + insertionText.length;
+    } else {
+        textarea.value += insertionText;
+    }
 
-	if (document.selection) {
-		// IE
-		textarea.focus();
-		let sel = document.selection.createRange();
-		sel.text = '>>' + id + '\n';
-	} else if (textarea.selectionStart || textarea.selectionStart == '0') {
-		let start = textarea.selectionStart;
-		let end = textarea.selectionEnd;
-		textarea.value = textarea.value.substring(0, start) + '>>' + id + '\n' + textarea.value.substring(end, textarea.value.length);
-
-		textarea.selectionStart += ('>>' + id).length + 1;
-		textarea.selectionEnd = textarea.selectionStart;
-	} else {
-		// ???
-		textarea.value += '>>' + id + '\n';
-	}
 	if (typeof $ != 'undefined') {
 		let select = document.getSelection().toString();
 		if (select) {
@@ -367,7 +364,9 @@ var script_settings = function(script_name) {
 };
 
 function init() {
-	initStyleChooser();
+	if (active_page !== 'page') {
+		init_stylechooser();
+	}
 
 	{% endverbatim %}
 	{% if config.allow_delete %}
@@ -396,6 +395,40 @@ function ready() {
 	}
 }
 
+function addLinkListenersCite(selector, callback) {
+    document.querySelector('body').addEventListener('click', (event) => {
+        if (event.target.matches(selector)) {
+            event.preventDefault();
+
+            var cite = event.target.getAttribute('data-cite');
+
+            if (callback(cite, event)) {
+                window.location.href = event.target.href;
+            }
+        }
+    });
+}
+
+function addFormListener() {
+    var form = document.getElementById('post-form');
+
+    if (form) {
+        form.addEventListener('submit', (event) => {
+            if (!dopost(form)) {
+                event.preventDefault();
+            }
+        });
+    }
+}
+
+document.addEventListener('DOMContentLoaded', () => {
+	ready();
+	rememberStuff();
+	addLinkListenersCite('.highlight-link', highlightReply);
+	addLinkListenersCite('.cite-link', citeReply);
+	addFormListener();
+});
+
 {% endverbatim %}
 
 var post_date = "{{ config.post_date }}";

templates/post_form.html

@@ -1,4 +1,4 @@
-<form name="post" onsubmit="return doPost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
+<form name="post" id="post-form" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
 {{ antibot.html() }}
 {% if id %}<input type="hidden" name="thread" value="{{ id }}">{% endif %}
 {{ antibot.html() }}
@@ -228,8 +228,4 @@
 	</table>
 {{ antibot.html(true) }}
 <input type="hidden" name="hash" value="{{ antibot.hash() }}">
-</form>
-
-<script type="text/javascript">{% verbatim %}
-	rememberStuff();
-{% endverbatim %}</script>
+</form>

templates/post_reply.html

@@ -14,8 +14,8 @@
 	</label>
 	{% apply spaceless %}
 	{% include 'post/poster_id.html' %}&nbsp;
-	<a class="post_no" id="post_no_{{ post.id }}" onclick="highlightReply({{ post.id }})" href="{% if isnoko50 %}{{ post.link('', '50') }}{% else %}{{ post.link }}{% endif %}">No.</a>
-	<a class="post_no" onclick="citeReply({{ post.id }})" href="{% if isnoko50 %}{{ post.link('q', '50') }}{% else %}{{ post.link('q') }}{% endif %}">{{ post.id }}</a>
+	<a class="post_no highlight-link" id="post_no_{{ post.id }}" data-cite="{{ post.id }}" href="{% if isnoko50 %}{{ post.link('', '50') }}{% else %}{{ post.link }}{% endif %}">No.</a>
+	<a class="post_no cite-link" data-cite="{{ post.id }}" href="{% if isnoko50 %}{{ post.link('q', '50') }}{% else %}{{ post.link('q') }}{% endif %}">{{ post.id }}</a>
 	</p>
 	{% endapply %}
     {% include 'post/fileinfo.html' %} 

templates/post_thread.html

@@ -18,8 +18,8 @@
 	</label>
 	{% apply spaceless %}
 	{% include 'post/poster_id.html' %}&nbsp;
-	<a class="post_no" id="post_no_{{ post.id }}" onclick="highlightReply({{ post.id }})" href="{% if isnoko50 %}{{ post.link('', '50') }}{% else %}{{ post.link }}{% endif %}">No.</a>
-	<a class="post_no" onclick="citeReply({{ post.id }})" href="{% if isnoko50 %}{{ post.link('q', '50') }}{% else %}{{ post.link('q') }}{% endif %}">{{ post.id }}</a>
+	<a class="post_no highlight-link" id="post_no_{{ post.id }}" data-cite="{{ post.id }}" href="{% if isnoko50 %}{{ post.link('', '50') }}{% else %}{{ post.link }}{% endif %}">No.</a>
+	<a class="post_no cite-link" data-cite="{{ post.id }}" href="{% if isnoko50 %}{{ post.link('q', '50') }}{% else %}{{ post.link('q') }}{% endif %}">{{ post.id }}</a>
 	{% if post.sticky %}
 		{% if config.font_awesome %}
 			<i class="fa fa-thumb-tack" title="Sticky"></i>