Marcus Quinn
1c1980bb22
* fix: resolve plugin class loading reliability issues * fix: address CodeRabbit XSS and accessibility findings from PR #18 - admin/js/admin-scripts.js: replace HTML string interpolation in showNotice with DOM API construction and .text() to prevent XSS; whitelist type values - admin/js/update-source-selector.js: replace .html(message) with .text(message) in showMessage to prevent XSS from AJAX response content - admin/templates/modal.php: add role=dialog, aria-modal=true, aria-labelledby for screen reader semantics; replace <span> close control with <button> for keyboard operability and proper ARIA role
142 lines
3.3 KiB
JavaScript
142 lines
3.3 KiB
JavaScript
/**
|
|
* Admin Scripts
|
|
*
|
|
* @package WPALLSTARS\PluginStarterTemplate
|
|
*/
|
|
|
|
(function ($) {
|
|
'use strict';
|
|
|
|
/**
|
|
* Admin functionality
|
|
*/
|
|
const WPSTAdmin = {
|
|
/**
|
|
* Initialize
|
|
*/
|
|
init: function () {
|
|
// Initialize components.
|
|
this.initComponents();
|
|
|
|
// Bind events.
|
|
this.bindEvents();
|
|
},
|
|
|
|
/**
|
|
* Initialize components
|
|
*/
|
|
initComponents: function () {
|
|
// Initialize any components here.
|
|
},
|
|
|
|
/**
|
|
* Bind events
|
|
*/
|
|
bindEvents: function () {
|
|
// Example: Toggle sections.
|
|
$( '.wpst-toggle-section' ).on( 'click', this.toggleSection );
|
|
|
|
// Example: Form submission.
|
|
$( '#wpst-settings-form' ).on( 'submit', this.handleFormSubmit );
|
|
},
|
|
|
|
/**
|
|
* Toggle section visibility
|
|
*
|
|
* @param {Event} e Click event
|
|
*/
|
|
toggleSection: function (e) {
|
|
e.preventDefault();
|
|
|
|
const $this = $( this );
|
|
const target = $this.data( 'target' );
|
|
|
|
$( target ).slideToggle( 200 );
|
|
$this.toggleClass( 'open' );
|
|
},
|
|
|
|
/**
|
|
* Handle form submission
|
|
*
|
|
* @param {Event} e Submit event
|
|
*/
|
|
handleFormSubmit: function (e) {
|
|
e.preventDefault();
|
|
|
|
const $form = $( this );
|
|
const $submitButton = $form.find( 'input[type="submit"]' );
|
|
const formData = $form.serialize();
|
|
|
|
// Disable submit button and show loading state.
|
|
$submitButton.prop( 'disabled', true ).addClass( 'loading' );
|
|
|
|
// Send AJAX request.
|
|
$.ajax(
|
|
{
|
|
url: wpstData.ajaxUrl,
|
|
type: 'POST',
|
|
data: {
|
|
action: 'wpst_save_settings',
|
|
nonce: wpstData.nonce,
|
|
formData: formData
|
|
},
|
|
success: function (response) {
|
|
if (response.success) {
|
|
WPSTAdmin.showNotice( 'success', response.data.message );
|
|
} else {
|
|
WPSTAdmin.showNotice( 'error', response.data.message );
|
|
}
|
|
},
|
|
error: function () {
|
|
WPSTAdmin.showNotice( 'error', 'An error occurred. Please try again.' );
|
|
},
|
|
complete: function () {
|
|
// Re-enable submit button and remove loading state.
|
|
$submitButton.prop( 'disabled', false ).removeClass( 'loading' );
|
|
}
|
|
}
|
|
);
|
|
},
|
|
|
|
/**
|
|
* Show admin notice
|
|
*
|
|
* @param {string} type Notice type (success, error, warning)
|
|
* @param {string} message Notice message
|
|
*/
|
|
showNotice: function (type, message) {
|
|
const allowedTypes = [ 'success', 'error', 'warning' ];
|
|
const safeType = allowedTypes.includes( type ) ? type : 'error';
|
|
const $p = $( '<p>' );
|
|
const $notice = $( '<div>' ).addClass( 'wpst-notice ' + safeType ).append( $p );
|
|
|
|
// Set message as plain text to prevent XSS.
|
|
$p.text( message );
|
|
|
|
// Add notice to the page.
|
|
$( '.wpst-notices' ).empty().append( $notice );
|
|
|
|
// Automatically remove notice after 5 seconds.
|
|
setTimeout(
|
|
function () {
|
|
$notice.fadeOut(
|
|
300,
|
|
function () {
|
|
$( this ).remove();
|
|
}
|
|
);
|
|
},
|
|
5000
|
|
);
|
|
}
|
|
};
|
|
|
|
// Initialize when document is ready.
|
|
$( document ).ready(
|
|
function () {
|
|
WPSTAdmin.init();
|
|
}
|
|
);
|
|
|
|
})( jQuery );
|