LP#1822630: sanitize user input before display on browse results
[Evergreen.git] / Open-ILS / src / templates / opac / browse.tt2
1 [%- # This is the bib and authority combined record browser.
2
3     PROCESS "opac/parts/header.tt2";
4     PROCESS "opac/parts/misc_util.tt2";
5     PROCESS "opac/parts/org_selector.tt2";
6     WRAPPER "opac/parts/base.tt2";
7     INCLUDE "opac/parts/topnav.tt2";
8
9     ctx.page_title = l("Browse the Catalog");
10     blimit = CGI.param('blimit') || ctx.opac_hits_per_page || 10;
11
12     depart_list = ['blimit', 'bterm', 'bpivot'];
13     ctx.metalinks.push('<meta name="robots" content="noindex,follow">');
14     MACRO heading_use_label BLOCK;
15         SWITCH use;
16             CASE 'variant';
17                l('See');
18             CASE 'broader';
19                l('Broader term');
20             CASE 'narrower';
21                l('Narrower term');
22             CASE 'other';
23                l('Related term');
24             CASE;
25                l('See');
26         END;
27     END;
28 %]
29
30     <h2 class="sr-only">[% l('Catalog Browse') %]</h2>
31     <div id="search-wrapper">
32         [%# XXX TODO Give searchbar.tt2 more smarts so we can just do:
33           # INCLUDE "opac/parts/searchbar.tt2" %]
34         <div id="search-box">
35             <span class="search_catalog_lbl"><a href="[% mkurl(ctx.opac_root _ '/home', {}, depart_list) %]">[% l('Basic Search') %]</a></span>
36             <span class="adv_search_catalog_lbl"><a href="[% mkurl(ctx.opac_root _ '/advanced', {}, depart_list) %]"
37                     id="home_adv_search_link">[%l('Advanced Search')%]</a></span>
38         
39             <span class="browse_the_catalog_lbl mobile_hide">[% l('Browse the Catalog') %]</span>
40             [% INCLUDE 'opac/parts/cart.tt2' %]
41         </div>
42     </div>
43     <div id="content-wrapper">
44         <div id="main-content">
45             <div id="browse-the-catalog">
46                 <div id="browse-controls" class='searchbar'>
47                     <form method="get" onsubmit="$('browse-submit-spinner').className = ''; return true">
48                         <input type="hidden" name="blimit"
49                             value="[% blimit | html %]" />
50
51                         [% control_qtype = INCLUDE "opac/parts/qtype_selector.tt2"
52                             id="browse-search-class" browse_only=1 plural=1 %]
53
54                         [% control_bterm = BLOCK %]<input type="text" name="bterm" id="browse-term"
55                             aria-label="[% l('Browse term') %]"
56                             value="[% CGI.param('bterm') | html %]" />[% END %]
57                         [% control_locg = INCLUDE build_org_selector id='browse-context'
58                             show_loc_groups=1
59                             arialabel=l('Select holding library') %]
60                         [% l('Browse for [_1] starting with [_2] in [_3]', control_qtype, control_bterm, control_locg) %]
61
62                         <input id='search-submit-go' type="submit" value="[% l('Browse') %]" alt="[% l('Browse') %]" class="opac-button"/>
63                         <img id="browse-submit-spinner" 
64                         src="[% ctx.media_prefix %]/opac/images/progressbar_green.gif[% ctx.cache_key %]"
65                         class="hidden" style="width: 16px; height: 16px;" 
66                         alt="[% l('Search in progress icon') %]" />
67                     </form>
68                 </div>
69
70                 [% BLOCK browse_pager %]
71                 <div class="browse-pager">
72                     [% IF ctx.back_pivot %]
73                     <a class="opac-button" href="[% mkurl('', {bpivot => ctx.back_pivot}) %]" onclick="$('browse-pager-spinner-[% id %]').className = '';">&larr; [%l ('Back') %]</a>
74                     [% END %]
75                     [% IF ctx.pager_shortcuts;
76                         current_qtype = CGI.param('qtype') || 'title' %]
77                     <span class="browse-shortcuts">
78                         [% FOR shortcut IN ctx.pager_shortcuts %]
79                             <a href="[% mkurl('', {qtype => current_qtype, bterm => shortcut.0}, ['bpivot','query']) %]">[% shortcut.1 %]</a>
80                         [% END %]
81                     </span>
82                     [% END %]
83
84                     [% IF ctx.forward_pivot %]
85                     <a class="opac-button" href="[% mkurl('', {bpivot => ctx.forward_pivot}) %]" onclick="$('browse-pager-spinner-[% id %]').className = '';">[%l ('Next') %] &rarr;</a>
86                     [% END %]
87
88                     <img id="browse-pager-spinner-[% id %]" 
89                         src="[% ctx.media_prefix %]/opac/images/progressbar_green.gif[% ctx.cache_key %]"
90                         class="hidden" style="width: 16px; height: 16px;" 
91                         alt="[% l('Search in progress icon') %]" />
92                 </div>
93                 [% END %]
94
95                 [% PROCESS browse_pager id=0 %]
96
97                 <div id="browse-results">
98                 [% IF ctx.browse_error %]
99                     <span class="browse-error">
100                         [% l("An error occurred browsing records. " _
101                         "Please try again in a moment or report the issue " _
102                         "to library staff.") %]
103                     </span>
104                 [% ELSE %]
105                     [% IF ctx.browse_leading_article_warning %]
106                     <div class="browse-leading-article-warning">
107                             [% l("Your browse term seems to begin with an article (a, an, the). You might get better results by omitting the article.") %]
108                             [% IF ctx.browse_leading_article_alternative %]
109                             <p>
110                             [% alternative_link = BLOCK %]
111                             <a href="[% mkurl('', {bterm => ctx.browse_leading_article_alternative}, ['bpivot']) %]">[% ctx.browse_leading_article_alternative | html %]</a>
112                             [%-  END; # alternative_link BLOCK
113                                 l("Did you mean [_1]?", alternative_link);
114                             END # IF %]
115                             </p>
116                     </div>
117                     [% END %]
118                     <ul class="browse-result-list">
119                     [% FOR result IN ctx.browse_results %]
120                         <li class="browse-result">
121                             <span class="browse-result-value[% result.row_number == 0 && !CGI.param('bpivot') ? ' browse-result-best-match' : '' %]">
122                                 [% IF result.sources > 0 %] <!-- bib-linked browse value -->
123                                     <a href="[% mkurl(
124                                         ctx.opac_root _ '/results', {
125                                             'fi:has_browse_entry' => (result.browse_entry _ ',' _ result.fields)
126                                         }) %]">[% result.value | html %]</a>
127                                     <span class="browse-result-sources">([%
128                                         IF result.accurate == 'f';
129                                             l("At least"); " ";
130                                         END;
131                                     result.sources %])</span>
132                                 [% ELSE %] <!-- only authority links -->
133                                     [% result.value | html %]
134                                 [% END %]
135                             </span>
136
137                             [% FOR a IN result.authorities;
138                                     PROCESS authority_notes authority=a IF !sees.grep(a.id);
139                                END %]
140                             [% auth_headings_ul_added = 0; %]
141                                 [% seenit = {}; # for headings we've rendered
142                                    FOR a IN result.sees;
143                                     # We can go no further sans control_set.
144                                     NEXT UNLESS a.control_set;
145
146                                     # get_authority_fields is fast and cache-y.
147                                     acs = ctx.get_authority_fields(a.control_set);
148                                     FOR field_group IN a.headings;
149                                         field_id = field_group.keys.0;
150                                         field = acs.$field_id;
151                                         headings = field_group.values.0;
152                                         FOR h IN headings;
153                                             # We could display headings without
154                                             # links here when h.target is
155                                             # undef, if we wanted to, but note
156                                             # that h.target_count is only
157                                             # defined when h.target is.
158
159                                             IF h.target AND h.target_count AND result.list_authorities.grep('^' _ h.target _ '$').size == 0 AND h.main_entry;
160                                                 id = h.target; NEXT IF seenit.$id; seenit.$id = 1; 
161                                                 IF !auth_headings_ul_added;
162                                                     # only add a <ul> if we have at least one <li> (WCAG 2.0)
163                                                     auth_headings_ul_added = 1; %]
164                                                 <ul class="browse-result-authority-headings"> 
165                                                 [% END %]
166
167                                                 <li><span class="browse-result-authority-field-name">[% heading_use_label(use=h.type) %]</span>
168                                                 <a href="[% mkurl(ctx.opac_root _ '/browse', {bterm => h.heading}, ['bpivot']) %]">[% h.heading | html %]</a>
169                                                 <span class="browse-result-authority-bib-links">([% h.target_count %])</span>
170                                                 </li>
171                                             [% END %]
172                                         [% END %]
173                                     [% END %]
174                                 [% END %]
175                                 [% FOR a IN result.authorities;
176                                     # We can go no further sans control_set.
177                                     NEXT UNLESS a.control_set;
178
179                                     # get_authority_fields is fast and cache-y.
180                                     acs = ctx.get_authority_fields(a.control_set);
181                                     FOR field_group IN a.headings;
182                                         field_id = field_group.keys.0;
183                                         field = acs.$field_id;
184                                         headings = field_group.values.0;
185                                         FOR h IN headings;
186                                             # We could display headings without
187                                             # links here when h.target is
188                                             # undef, if we wanted to, but note
189                                             # that h.target_count is only
190                                             # defined when h.target is.
191
192                                             IF h.target AND h.target_count AND result.list_sees.grep('^' _ h.target _ '$').size == 0 AND !h.main_entry AND ctx.get_cgf('opac.show_related_headings_in_browse').enabled == 't';
193                                                 id = h.target; NEXT IF seenit.$id; seenit.$id = 1; 
194                                                 IF !auth_headings_ul_added;
195                                                     # only add a <ul> if we have at least one <li> (WCAG 2.0)
196                                                     auth_headings_ul_added = 1; %]
197                                                 <ul class="browse-result-authority-headings"> 
198                                                 [% END %]
199                                                 <li><span class="browse-result-authority-field-name">[% heading_use_label(use=h.type) %]</span>
200                                                 <a href="[% mkurl(ctx.opac_root _ '/results', {query => 'identifier|authority_id[' _ h.target _ ']'}) %]">[% h.heading | html %]</a>
201                                                 <span class="browse-result-authority-bib-links">([% h.target_count %])</span>
202                                                 </li>
203                                             [% END %]
204                                         [% END %]
205                                     [% END %]
206                                 [% END %]
207                             [% IF auth_headings_ul_added %]</ul>[% END %]
208                         </li>
209                     [% END %]
210                     </ul>
211                 [% END %]
212                 </div>
213
214                 [% PROCESS browse_pager id=1 %]
215             </div>
216
217             <div class="common-full-pad"></div> 
218         </div>
219     </div>
220
221     [% BLOCK authority_notes;
222         # Displays public general notes (sometimes called "scope notes" ?)
223         FOR note IN authority.notes %]
224             <div class="browse-public-general-note">
225                 <span class="browse-public-general-note-label">
226                     [% l("Note:") %]
227                 </span>
228                 <span class="browse-public-general-note-body">
229                 [% FOR piece IN note; piece | html; END %]
230                 </span>
231             </div>
232         [% END;
233     END;    # end of BLOCK authority_notes %]
234
235 [% END %]