xwiki · surli · Nov 22, 2024 · Jun 12, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/...i-platform-core/xwiki-platform-oldcore/src/main/resources/ApplicationResources.properties b/...i-platform-core/xwiki-platform-oldcore/src/main/resources/ApplicationResources.properties
@@ -3640,7 +3640,7 @@ XWiki.SearchSuggestSourceClass_activated=Activated
 XWiki.SearchSuggestSourceClass_activated.hint=Whether this source is used or not (as long as the source search engine matches the search engine used by the current wiki).
 
 ### CSRFToken resources
-csrf.confirmation=<p>This request contains an invalid authentication information.</p><p>This might happen in the following situations:</p><ul><li>You left the editor open in another window/tab and logged off and on again</li><li>Your authentication token expired after a long period of inactivity</li><li>Somebody tried to perform a CSRF attack</li></ul><p>If you are sure that none of these situations apply in your case, you might have found a bug. We are sorry about that, please report it on <a href="http://jira.xwiki.org/">XWiki JIRA</a></p><p>Do you want to resend the request? If unsure, say <strong>No</strong>.</p>
+csrf.confirmation={0}This request contains an invalid authentication information.{1}{2}This might happen in the following situations:{3}{4}You left the editor open in another window/tab and logged off and on again{5}{6}Your authentication token expired after a long period of inactivity{7}{8}Somebody tried to perform a CSRF attack{9}{10}If you are sure that none of these situations apply in your case, you might have found a bug. We are sorry about that, please report it on {11}XWiki JIRA{12}{13}Do you want to resend the request? If unsure, say {14}No{15}.{16}
 
 ### Extension Manager application resources
 admin.extensions=Extension Manager

diff --git a/.../xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/resubmit.vm b/.../xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/resubmit.vm
@@ -29,7 +29,18 @@ $response.addHeader( "X-FRAME-OPTIONS", "DENY" )
 <div class="main layoutsubsection">
 ## Set as an HTML main for better DOM tree semantics to facilitate navigation with assistive technologies.
 <main id="mainContentArea">
-#xwikimessageboxstart($services.localization.render('warning') $services.localization.render('csrf.confirmation'))
+#xwikimessageboxstart($services.localization.render('warning') $services.localization.render('csrf.confirmation', [
+  '<p>', '</p>',
+  '<p>', '</p>',
+  '<ul><li>', '</li>',
+  '<li>', '</li>',
+  '<li>', '</li></ul>',
+  '<p class="force-underline">', 
+  '<a href="http://jira.xwiki.org/">', '</a></p>',
+  '<p>', '<strong>',
+  '</strong>', '</p>'
+  ]))
+  coucou
 #getSanitizedURLAttributeValue('form','action', $request.getParameter('resubmit'), '', $resubmit)
 #getSanitizedURLAttributeValue('a','href', $request.getParameter('xback'), $doc.getURL(), $xback)
 <form action="$resubmit" method="post">

diff --git a/.../xwiki-platform-web-war/src/main/webapp/resources/js/xwiki/actionbuttons/actionButtons.js b/.../xwiki-platform-web-war/src/main/webapp/resources/js/xwiki/actionbuttons/actionButtons.js
@@ -529,7 +529,10 @@ var XWiki = (function(XWiki) {
         var buttonsDiv =  new Element('div');
 
         // the confirmation message contains some double quotes that should be escaped.
-        content.insert("$escapetool.json($services.localization.render('csrf.confirmation'))");
+        content.insert("$escapetool.json($services.localization.render('csrf.confirmation', [
+          '<p>', '</p>', '<p>', '</p>', '<ul><li>', '</li>', '<li>', '</li>', '<li>', '</li></ul>',
+          '<p class="force-underline">', '<a href="http://jira.xwiki.org/">', '</a></p>', '<p>', '<strong>',
+          '</strong>', '</p>' ]))");
         content.insert(new Element('br'));
         var buttonCreate = new Element('button', {'class': 'btn btn-default', 'id': 'force-save-csrf'});
         buttonCreate.insert("$services.localization.render('yes')");