overleaf/services/web/app/views/layout/navbar.pug
Alasdair Smith 41f75b5936 Merge pull request #1543 from sharelatex/as-fix-potential-angular-xss
Fix potential Angular XSS issues

GitOrigin-RevId: a18a609a25b29e910cb78e28a37398417cfe4842
2019-03-18 10:37:15 +00:00

96 lines
3.1 KiB
Text

nav.navbar.navbar-default.navbar-main
.container-fluid
.navbar-header
button.navbar-toggle(ng-init="navCollapsed = true", ng-click="navCollapsed = !navCollapsed", ng-class="{active: !navCollapsed}", aria-label="Toggle " + translate('navigation'))
i.fa.fa-bars(aria-hidden="true")
if settings.nav.custom_logo
a(href='/', aria-label=settings.appName, style='background-image:url("'+settings.nav.custom_logo+'")').navbar-brand
else if (nav.title)
a(href='/', aria-label=settings.appName, ng-non-bindable).navbar-title #{nav.title}
else
a(href='/', aria-label=settings.appName).navbar-brand
.navbar-collapse.collapse(collapse="navCollapsed")
ul.nav.navbar-nav.navbar-right
if (getSessionUser() && getSessionUser().isAdmin)
li.dropdown(class="subdued", dropdown)
a.dropdown-toggle(href, dropdown-toggle)
| Admin
b.caret
ul.dropdown-menu
li
a(href="/admin") Manage Site
li
a(href="/admin/user") Manage Users
// loop over header_extras
each item in nav.header_extras
-
if ((item.only_when_logged_in && getSessionUser())
|| (item.only_when_logged_out && (!getSessionUser()))
|| (!item.only_when_logged_out && !item.only_when_logged_in && !item.only_content_pages)
|| (item.only_content_pages && (typeof(suppressNavContentLinks) == "undefined" || !suppressNavContentLinks))
){
var showNavItem = true
} else {
var showNavItem = false
}
if showNavItem
if item.dropdown
li.dropdown(class=item.class, dropdown)
a.dropdown-toggle(href, dropdown-toggle)
| !{translate(item.text)}
b.caret
ul.dropdown-menu
each child in item.dropdown
if child.divider
li.divider
else
li
if child.url
a(href=child.url, class=child.class) !{translate(child.text)}
else
| !{translate(child.text)}
else
li(class=item.class)
if item.url
a(href=item.url, class=item.class) !{translate(item.text)}
else
| !{translate(item.text)}
// logged out
if !getSessionUser()
// register link
if hasFeature('registration')
li
a(href="/register") #{translate('register')}
// login link
li
a(href="/login") #{translate('log_in')}
// projects link and account menu
if getSessionUser()
li
a(href="/project") #{translate('Projects')}
li.dropdown(dropdown)
a.dropbodw-toggle(href, dropdown-toggle)
| #{translate('Account')}
b.caret
ul.dropdown-menu
li
div.subdued(ng-non-bindable) #{getUserEmail()}
li.divider
li
a(href="/user/settings") #{translate('Account Settings')}
if nav.showSubscriptionLink
li
a(href="/user/subscription") #{translate('subscription')}
li.divider
li
form(method="POST" action="/logout")
input(name='_csrf', type='hidden', value=csrfToken)
button.btn-link.text-left.dropdown-menu-button #{translate('log_out')}