From d33fec9c3f3d1b5edddefec8f93305a827c4faea Mon Sep 17 00:00:00 2001
From: Matt N <github@matthew.noorenberghe.com>
Date: Wed, 16 Jan 2019 06:59:58 -0800
Subject: [PATCH] Add a CSP script-src policy with nonce-source and convert
 more inline event handlers (#2413)

* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
---
 web/includes/Group.php                        |  2 +-
 web/includes/functions.php                    | 22 ++++++++
 web/index.php                                 |  4 ++
 .../classic/includes/export_functions.php     | 12 ++---
 web/skins/classic/includes/functions.php      |  9 ++--
 web/skins/classic/js/skin.js                  | 24 +++++++++
 web/skins/classic/views/_monitor_filters.php  | 10 ++--
 web/skins/classic/views/bandwidth.php         |  2 +-
 web/skins/classic/views/console.php           | 12 ++---
 web/skins/classic/views/control.php           |  2 +-
 web/skins/classic/views/controlcap.php        |  2 +-
 web/skins/classic/views/controlcaps.php       |  4 +-
 web/skins/classic/views/controlpreset.php     |  2 +-
 web/skins/classic/views/device.php            |  2 +-
 web/skins/classic/views/devices.php           |  4 +-
 web/skins/classic/views/donate.php            |  4 +-
 web/skins/classic/views/download.php          |  6 +--
 web/skins/classic/views/error.php             |  2 +-
 web/skins/classic/views/event.php             | 54 +++++++++----------
 web/skins/classic/views/eventdetail.php       |  2 +-
 web/skins/classic/views/export.php            | 16 +++---
 web/skins/classic/views/filter.php            | 34 ++++++------
 web/skins/classic/views/frames.php            |  2 +-
 web/skins/classic/views/function.php          |  2 +-
 web/skins/classic/views/group.php             |  2 +-
 web/skins/classic/views/groups.php            |  6 +--
 web/skins/classic/views/js/filter.js          |  3 +-
 web/skins/classic/views/log.php               | 26 ++++-----
 web/skins/classic/views/logout.php            |  2 +-
 web/skins/classic/views/monitor.php           |  2 +-
 web/skins/classic/views/monitorpreset.php     |  3 +-
 web/skins/classic/views/monitorprobe.php      |  4 +-
 web/skins/classic/views/monitors.php          |  2 +-
 web/skins/classic/views/montage.php           |  6 +--
 web/skins/classic/views/montagereview.php     | 16 +++---
 web/skins/classic/views/onvifprobe.php        | 10 ++--
 web/skins/classic/views/optionhelp.php        |  2 +-
 web/skins/classic/views/options.php           |  6 +--
 web/skins/classic/views/plugin.php            |  3 +-
 web/skins/classic/views/privacy.php           |  2 +-
 web/skins/classic/views/server.php            |  2 +-
 web/skins/classic/views/settings.php          |  2 +-
 web/skins/classic/views/storage.php           |  2 +-
 web/skins/classic/views/user.php              |  2 +-
 web/skins/classic/views/version.php           | 10 ++--
 web/skins/classic/views/video.php             |  2 +-
 web/skins/classic/views/watch.php             | 20 +++----
 web/skins/classic/views/zone.php              |  2 +-
 web/skins/classic/views/zones.php             |  4 +-
 49 files changed, 215 insertions(+), 161 deletions(-)

diff --git a/web/includes/Group.php b/web/includes/Group.php
index 82c1daba9..89849309b 100644
--- a/web/includes/Group.php
+++ b/web/includes/Group.php
@@ -188,7 +188,7 @@ class Group {
     session_write_close();
 
     return htmlSelect( 'Group[]', Group::get_dropdown_options(), isset($_SESSION['Group'])?$_SESSION['Group']:null, array(
-          'onchange' => 'this.form.submit();',
+          'data-on-change' => 'submitThisForm',
           'class'=>'chosen',
           'multiple'=>'multiple',
           'data-placeholder'=>'All',
diff --git a/web/includes/functions.php b/web/includes/functions.php
index cd278ba79..6473be91b 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -35,6 +35,28 @@ function noCacheHeaders() {
   header('Pragma: no-cache');         // HTTP/1.0
 }
 
+function CSPHeaders($view, $nonce) {
+  switch ($view) {
+    case "bandwidth":
+    case "function":
+    case "log":
+    case "logout":
+    case "options":
+    case "version": {
+      // Enforce script-src on pages where inline scripts and event handlers have been fixed.
+      // 'unsafe-inline' is only for backwards compatibility with browsers which
+      // only support CSP 1 (with no nonce-* support).
+      header("Content-Security-Policy: script-src 'unsafe-inline' 'self' 'nonce-$nonce'");
+      break;
+    }
+    default: {
+      // Use Report-Only mode on all other pages.
+      header("Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'self' 'nonce-$nonce'");
+      break;
+    }
+  }
+}
+
 function CORSHeaders() {
   if ( isset($_SERVER['HTTP_ORIGIN']) ) {
 
diff --git a/web/index.php b/web/index.php
index d9677d146..29e67d628 100644
--- a/web/index.php
+++ b/web/index.php
@@ -172,6 +172,10 @@ $view = null;
 if ( isset($_REQUEST['view']) )
   $view = detaintPath($_REQUEST['view']);
 
+# Add CSP Headers
+$cspNonce = bin2hex(openssl_random_pseudo_bytes(16));
+CSPHeaders($view, $cspNonce);
+
 $request = null;
 if ( isset($_REQUEST['request']) )
   $request = detaintPath($_REQUEST['request']);
diff --git a/web/skins/classic/includes/export_functions.php b/web/skins/classic/includes/export_functions.php
index 7750f165b..eb505f18b 100644
--- a/web/skins/classic/includes/export_functions.php
+++ b/web/skins/classic/includes/export_functions.php
@@ -263,12 +263,12 @@ function exportEventImages( $event, $exportDetail, $exportFrames, $myfilelist )
 <div id="imagevideo" align="center"></div>
 <br>
 <div align="center">
-<button onclick="stepbackward()">< Step</button><button 
-	id="btnrwd" onclick="rewind()" >Rwd</button><button
-	id="btnplay" onclick="playstop()">Stop</button><button
-	onclick="stepforward()">Step ></button><button
-	id="btnspeedup" onclick="speedup()">speedup</button><button
-	id="btnspeeddown" onclick="speeddown()">slowdown</button>
+<button data-on-click="stepbackward">< Step</button><button 
+	id="btnrwd" data-on-click="rewind" >Rwd</button><button
+	id="btnplay" data-on-click="playstop">Stop</button><button
+	data-on-click="stepforward">Step ></button><button
+	id="btnspeedup" data-on-click="speedup">speedup</button><button
+	id="btnspeeddown" data-on-click="speeddown">slowdown</button>
 </div>
 <div align="center"><div class="horizontal_track" >
 	<div class="horizontal_slit" >&nbsp;</div>
diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php
index e39c56b4a..535d8ba31 100644
--- a/web/skins/classic/includes/functions.php
+++ b/web/skins/classic/includes/functions.php
@@ -120,7 +120,7 @@ echo output_link_if_exists( array(
   <script src="skins/<?php echo $skin; ?>/js/dateTimePicker/jquery-ui-timepicker-addon.js"></script>
 
   <script src="<?php echo cache_bust('js/Server.js'); ?>"></script>
-  <script> 
+  <script nonce="<?php echo $cspNonce; ?>">
   jQuery(document).ready(function(){
     jQuery("#flip").click(function(){
       jQuery("#panel").slideToggle("slow");
@@ -150,7 +150,7 @@ echo output_link_if_exists( array(
 <?php
   if ( $skinJsPhpFile ) {
 ?>
-  <script>
+  <script nonce="<?php echo $cspNonce; ?>">
   //<![CDATA[
   <!--
 <?php
@@ -163,7 +163,7 @@ echo output_link_if_exists( array(
   }
   if ( $viewJsPhpFile ) {
 ?>
-  <script>
+  <script nonce="<?php echo $cspNonce; ?>">
   //<![CDATA[
   <!--
 <?php
@@ -397,6 +397,7 @@ if ($reload == 'reload') return ob_get_clean();
 } // end function getNavBarHTML()
 
 function xhtmlFooter() {
+  global $cspNonce;
   global $view;
   global $skin;
   global $running;
@@ -404,7 +405,7 @@ function xhtmlFooter() {
     include("skins/$skin/views/state.php");
   }
 ?>
-  <script>$j('.chosen').chosen();</script>
+  <script nonce="<?php echo $cspNonce; ?>">$j('.chosen').chosen();</script>
   </body>
 </html>
 <?php
diff --git a/web/skins/classic/js/skin.js b/web/skins/classic/js/skin.js
index e87cabfba..69f01bbfd 100644
--- a/web/skins/classic/js/skin.js
+++ b/web/skins/classic/js/skin.js
@@ -136,6 +136,26 @@ $j(document).ready(function() {
     createPopup(url, name, tag, width, height);
     evt.preventDefault();
   });
+
+  // 'data-on-click-this' calls the global function in the attribute value with the element when a click happens.
+  document.querySelectorAll("a[data-on-click-this], button[data-on-click-this], input[data-on-click-this]").forEach(function attachOnClick(el) {
+    var fnName = el.getAttribute("data-on-click-this");
+    el.onclick = window[fnName].bind(el, el);
+  });
+
+  // 'data-on-click' calls the global function in the attribute value with no arguments when a click happens.
+  document.querySelectorAll("a[data-on-click], button[data-on-click], input[data-on-click]").forEach(function attachOnClick(el) {
+    var fnName = el.getAttribute("data-on-click");
+    el.onclick = function() {
+      window[fnName]();
+    };
+  });
+
+  // 'data-on-change' adds an event listener for the global function in the attribute value when a change happens.
+  document.querySelectorAll("select[data-on-change], input[data-on-change]").forEach(function attachOnChange(el) {
+    var fnName = el.getAttribute("data-on-change");
+    el.onchange = window[fnName];
+  });
 });
 
 function createEventPopup( eventId, eventFilter, width, height ) {
@@ -284,6 +304,10 @@ function submitTab( tab ) {
   form.submit();
 }
 
+function submitThisForm() {
+  this.form.submit();
+}
+
 function toggleCheckbox( element, name ) {
     var form = element.form;
     var checked = element.checked;
diff --git a/web/skins/classic/views/_monitor_filters.php b/web/skins/classic/views/_monitor_filters.php
index f37649c18..7480e1bca 100644
--- a/web/skins/classic/views/_monitor_filters.php
+++ b/web/skins/classic/views/_monitor_filters.php
@@ -105,7 +105,7 @@ $html .= '<span class="FunctionFilter"><label>'.translate('Function').'</label>'
 $html .= htmlSelect('Function[]', $Functions,
   (isset($_SESSION['Function'])?$_SESSION['Function']:''),
     array(
-      'onchange'=>'this.form.submit();',
+      'data-on-change'=>'submitThisForm',
       'class'=>'chosen',
       'multiple'=>'multiple',
       'data-placeholder'=>'All',
@@ -118,7 +118,7 @@ if ( count($ServersById) > 1 ) {
   $html .= htmlSelect('ServerId[]', $ServersById,
     (isset($_SESSION['ServerId'])?$_SESSION['ServerId']:''),
     array(
-      'onchange'=>'this.form.submit();',
+      'data-on-change'=>'submitThisForm',
       'class'=>'chosen',
       'multiple'=>'multiple',
       'data-placeholder'=>'All',
@@ -132,7 +132,7 @@ if ( count($StorageById) > 1 ) {
   $html .= htmlSelect('StorageId[]', $StorageById,
     (isset($_SESSION['StorageId'])?$_SESSION['StorageId']:''),
     array(
-      'onchange'=>'this.form.submit();',
+      'data-on-change'=>'submitThisForm',
       'class'=>'chosen',
       'multiple'=>'multiple',
       'data-placeholder'=>'All',
@@ -150,7 +150,7 @@ $status_options = array(
 $html .= htmlSelect( 'Status[]', $status_options,
   ( isset($_SESSION['Status']) ? $_SESSION['Status'] : '' ),
   array(
-    'onchange'=>'this.form.submit();',
+    'data-on-change'=>'submitThisForm',
     'class'=>'chosen',
     'multiple'=>'multiple',
     'data-placeholder'=>'All'
@@ -235,7 +235,7 @@ $html .= htmlSelect( 'Status[]', $status_options,
   $html .= '<span class="MonitorFilter"><label>'.translate('Monitor').'</label>';
   $html .= htmlSelect('MonitorId[]', $monitors_dropdown, $selected_monitor_ids,
     array(
-      'onchange'=>'this.form.submit();',
+      'data-on-change'=>'submitThisForm',
       'class'=>'chosen',
       'multiple'=>'multiple',
       'data-placeholder'=>'All',
diff --git a/web/skins/classic/views/bandwidth.php b/web/skins/classic/views/bandwidth.php
index 1f04ad87b..ca8d1c6ce 100644
--- a/web/skins/classic/views/bandwidth.php
+++ b/web/skins/classic/views/bandwidth.php
@@ -49,7 +49,7 @@ xhtmlHeaders(__FILE__, translate('Bandwidth') );
         <p><?php echo translate('SetNewBandwidth') ?></p>
         <p><?php echo buildSelect( "newBandwidth", $bandwidth_options ) ?></p>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow();"/>
+          <input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/console.php b/web/skins/classic/views/console.php
index a99bb5957..ceb56c24b 100644
--- a/web/skins/classic/views/console.php
+++ b/web/skins/classic/views/console.php
@@ -178,23 +178,23 @@ getBodyTopHTML();
     </div>
 
     <div class="container-fluid">
-      <button type="button" name="addBtn" onclick="addMonitor(this);"
+      <button type="button" name="addBtn" data-on-click-this="addMonitor"
       <?php echo (canEdit('Monitors') && !$user['MonitorIds']) ? '' : ' disabled="disabled"' ?>
       >
       <span class="glyphicon glyphicon-plus-sign" aria-hidden="true"></span>&nbsp;<?php echo translate('AddNewMonitor') ?>
       </button>
-      <button type="button" name="cloneBtn" onclick="cloneMonitor(this);"
+      <button type="button" name="cloneBtn" data-on-click-this="cloneMonitor"
       <?php echo (canEdit('Monitors') && !$user['MonitorIds']) ? '' : ' disabled="disabled"' ?>
       style="display:none;">
       <span class="glyphicon glyphicon-copy"></span>&nbsp;<?php echo translate('CloneMonitor') ?>
       </button>
-      <button type="button" name="editBtn" onclick="editMonitor(this);" disabled="disabled">
+      <button type="button" name="editBtn" data-on-click-this="editMonitor" disabled="disabled">
       <span class="glyphicon glyphicon-edit" aria-hidden="true"></span>&nbsp;<?php echo translate('Edit') ?>
       </button>
-      <button type="button" name="deleteBtn" onclick="deleteMonitor(this);" disabled="disabled">
+      <button type="button" name="deleteBtn" data-on-click-this="deleteMonitor" disabled="disabled">
       <span class="glyphicon glyphicon-trash" aria-hidden="true"></span>&nbsp;<?php echo translate('Delete') ?>
       </button>
-      <button type="button" name="selectBtn" onclick="selectMonitor(this);" disabled="disabled"><?php echo translate('Select')?></button>
+      <button type="button" name="selectBtn" data-on-click-this="selectMonitor" disabled="disabled"><?php echo translate('Select')?></button>
 <?php
 ob_start();
 ?>
@@ -327,7 +327,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
   if ( canEdit('Monitors') ) {
 ?>
             <td class="colMark">
-              <input type="checkbox" name="markMids[]" value="<?php echo $monitor['Id'] ?>" onclick="setButtonStates( this )"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/>
+              <input type="checkbox" name="markMids[]" value="<?php echo $monitor['Id'] ?>" data-on-click-this="setButtonStates"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/>
               <span class="glyphicon glyphicon-sort" title="Click and drag to change order"></span>
             </td>
 <?php
diff --git a/web/skins/classic/views/control.php b/web/skins/classic/views/control.php
index f1dd7b3e9..d21a629ee 100644
--- a/web/skins/classic/views/control.php
+++ b/web/skins/classic/views/control.php
@@ -55,7 +55,7 @@ xhtmlHeaders(__FILE__, translate('Control') );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('Control') ?></h2>
       <div id="headerControl">
diff --git a/web/skins/classic/views/controlcap.php b/web/skins/classic/views/controlcap.php
index 694cfc8a4..69a859cce 100644
--- a/web/skins/classic/views/controlcap.php
+++ b/web/skins/classic/views/controlcap.php
@@ -503,7 +503,7 @@ switch ( $tab )
           </tbody>
         </table>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canEdit( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canEdit( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/controlcaps.php b/web/skins/classic/views/controlcaps.php
index e64886040..b5d3a587c 100644
--- a/web/skins/classic/views/controlcaps.php
+++ b/web/skins/classic/views/controlcaps.php
@@ -34,7 +34,7 @@ xhtmlHeaders(__FILE__, translate('ControlCaps') );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('ControlCaps') ?></h2>
     </div>
@@ -72,7 +72,7 @@ foreach( $controls as $control )
               <td class="colCanIris"><?php echo $control['CanIris']?translate('Yes'):translate('No') ?></td>
               <td class="colCanWhiteBal"><?php echo $control['CanWhite']?translate('Yes'):translate('No') ?></td>
               <td class="colHasPresets"><?php echo $control['HasHomePreset']?'H':'' ?><?php echo $control['HasPresets']?$control['NumPresets']:'0' ?></td>
-              <td class="colMark"><input type="checkbox" name="markCids[]" value="<?php echo $control['Id'] ?>" onclick="configureDeleteButton( this );"<?php if ( !canEdit( 'Control' ) ) {?> disabled="disabled"<?php } ?>/></td>
+              <td class="colMark"><input type="checkbox" name="markCids[]" value="<?php echo $control['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !canEdit( 'Control' ) ) {?> disabled="disabled"<?php } ?>/></td>
             </tr>
 <?php
 }
diff --git a/web/skins/classic/views/controlpreset.php b/web/skins/classic/views/controlpreset.php
index 0de2a85e2..22b89fea1 100644
--- a/web/skins/classic/views/controlpreset.php
+++ b/web/skins/classic/views/controlpreset.php
@@ -61,7 +61,7 @@ xhtmlHeaders(__FILE__, translate('SetPreset') );
         </p>
         <div id="contentButtons">
           <input type="submit" value="<?php echo translate('Save') ?>"/>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/device.php b/web/skins/classic/views/device.php
index 489521d00..d9ea940fa 100644
--- a/web/skins/classic/views/device.php
+++ b/web/skins/classic/views/device.php
@@ -58,7 +58,7 @@ xhtmlHeaders( __FILE__, translate('Device')." - ".$newDevice['Name'] );
           </tbody>
         </table>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canEdit( 'Devices' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canEdit( 'Devices' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/devices.php b/web/skins/classic/views/devices.php
index 3133d1aab..bfeb8cfb3 100644
--- a/web/skins/classic/views/devices.php
+++ b/web/skins/classic/views/devices.php
@@ -76,8 +76,8 @@ foreach( $devices as $device )
         </table>
         <div id="contentButtons">
           <?php echo makePopupButton('?view=device&did=0', 'zmDevice', 'device', translate('New'), canEdit( 'Devices' )); ?>
-          <input type="button" name="deleteBtn" value="<?php echo translate('Delete') ?>" onclick="deleteDevice( this )" disabled="disabled"/>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow();"/>
+          <input type="button" name="deleteBtn" value="<?php echo translate('Delete') ?>" data-on-click-this="deleteDevice" disabled="disabled"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/donate.php b/web/skins/classic/views/donate.php
index 7293b16e2..6eb0bc202 100644
--- a/web/skins/classic/views/donate.php
+++ b/web/skins/classic/views/donate.php
@@ -55,8 +55,8 @@ xhtmlHeaders(__FILE__, translate('Donate') );
           <?php echo buildSelect( "option", $options ); ?>
         </p>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Apply') ?>" onclick="submitForm( this )">
-          <input type="button" value="<?php echo translate('Close') ?>" onclick="closeWindow()">
+          <input type="submit" value="<?php echo translate('Apply') ?>" data-on-click-this="submitForm">
+          <input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow">
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/download.php b/web/skins/classic/views/download.php
index 06142799c..4cd46ad6f 100644
--- a/web/skins/classic/views/download.php
+++ b/web/skins/classic/views/download.php
@@ -52,7 +52,7 @@ xhtmlHeaders(__FILE__, translate('Download') );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow()"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('Download') ?></h2>
     </div>
@@ -88,9 +88,9 @@ if ( !empty($_REQUEST['eid']) ) {
             <tr>
               <th scope="row"><?php echo translate('ExportFormat') ?></th>
               <td>
-                <input type="radio" id="exportFormatTar" name="exportFormat" value="tar" onclick="configureExportButton(this)"/>
+                <input type="radio" id="exportFormatTar" name="exportFormat" value="tar" data-on-click-this="configureExportButton"/>
                 <label for="exportFormatTar"><?php echo translate('ExportFormatTar') ?></label>
-                <input type="radio" id="exportFormatZip" name="exportFormat" value="zip" checked="checked" onclick="configureExportButton(this);"/>
+                <input type="radio" id="exportFormatZip" name="exportFormat" value="zip" checked="checked" data-on-click-this="configureExportButton"/>
                 <label for="exportFormatZip"><?php echo translate('ExportFormatZip') ?></label>
               </td>
             </tr>
diff --git a/web/skins/classic/views/error.php b/web/skins/classic/views/error.php
index 31eaea7de..a5c7e887f 100644
--- a/web/skins/classic/views/error.php
+++ b/web/skins/classic/views/error.php
@@ -35,7 +35,7 @@ xhtmlHeaders(__FILE__, translate('Error') );
         <?php echo translate('ContactAdmin') ?>
       </p>
       <p>
-        <a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </p>
     </div>
   </div>
diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php
index 07181b268..3a0bd250b 100644
--- a/web/skins/classic/views/event.php
+++ b/web/skins/classic/views/event.php
@@ -122,22 +122,22 @@ if ( ! $Event->Id() ) {
       <div id="menuBar1">
         <div id="nameControl">
           <input type="text" id="eventName" name="eventName" value="<?php echo validHtmlStr($Event->Name()) ?>" />
-          <button value="Rename" type="button" onclick="renameEvent()"<?php if ( !canEdit('Events') ) { ?> disabled="disabled"<?php } ?>>
+          <button value="Rename" type="button" data-on-click="renameEvent"<?php if ( !canEdit('Events') ) { ?> disabled="disabled"<?php } ?>>
 <?php echo translate('Rename') ?></button>
         </div>
 <?php
 if ( canEdit('Events') ) {
 ?>
-        <div id="deleteEvent"><button type="button" onclick="deleteEvent()" <?php echo $Event->Archived == 1 ? ' disabled="disabled" title="You cannot delete an archived event. Unarchive it first."' : ''  ?>><?php echo translate('Delete') ?></button></div>
-        <div id="editEvent"><button type="button" onclick="editEvent()"><?php echo translate('Edit') ?></button></div>
-        <div id="archiveEvent"<?php echo $Event->Archived == 1 ? ' class="hidden"' : ''  ?>><button type="button" onclick="archiveEvent()"><?php echo translate('Archive') ?></button></div>
-        <div id="unarchiveEvent"<?php echo $Event->Archived == 0 ? ' class="hidden"' : '' ?>><button type="button" onclick="unarchiveEvent()"><?php echo translate('Unarchive') ?></button></div>
+        <div id="deleteEvent"><button type="button" data-on-click="deleteEvent" <?php echo $Event->Archived == 1 ? ' disabled="disabled" title="You cannot delete an archived event. Unarchive it first."' : ''  ?>><?php echo translate('Delete') ?></button></div>
+        <div id="editEvent"><button type="button" data-on-click="editEvent"><?php echo translate('Edit') ?></button></div>
+        <div id="archiveEvent"<?php echo $Event->Archived == 1 ? ' class="hidden"' : ''  ?>><button type="button" data-on-click="archiveEvent"><?php echo translate('Archive') ?></button></div>
+        <div id="unarchiveEvent"<?php echo $Event->Archived == 0 ? ' class="hidden"' : '' ?>><button type="button" data-on-click="unarchiveEvent"><?php echo translate('Unarchive') ?></button></div>
 <?php
 } // end if can edit Events
 ?>
-        <div id="framesEvent"><button type="button" onclick="showEventFrames()"><?php echo translate('Frames') ?></button></div>
-        <div id="streamEvent" class="hidden"><button onclick="showStream()"><?php echo translate('Stream') ?></button></div>
-        <div id="stillsEvent"><button type="button" onclick="showStills()"><?php echo translate('Stills') ?></button></div>
+        <div id="framesEvent"><button type="button" data-on-click="showEventFrames"><?php echo translate('Frames') ?></button></div>
+        <div id="streamEvent" class="hidden"><button data-on-click="showStream"><?php echo translate('Stream') ?></button></div>
+        <div id="stillsEvent"><button type="button" data-on-click="showStills"><?php echo translate('Stills') ?></button></div>
 <?php
   if ( $Event->DefaultVideo() ) { 
 ?>
@@ -145,11 +145,11 @@ if ( canEdit('Events') ) {
 <?php
   } else {
 ?>
-        <div id="videoEvent"><button type="button" onclick="videoEvent();"><?php echo translate('Video') ?></button></div>
+        <div id="videoEvent"><button type="button" data-on-click="videoEvent"><?php echo translate('Video') ?></button></div>
 <?php
   } // end if Event->DefaultVideo
 ?>
-        <div id="exportEvent"><button type="button" onclick="exportEvent();"><?php echo translate('Export') ?></button></div>
+        <div id="exportEvent"><button type="button" data-on-click="exportEvent"><?php echo translate('Export') ?></button></div>
         <div id="replayControl"><label for="replayMode"><?php echo translate('Replay') ?></label><?php echo buildSelect( "replayMode", $replayModes, "changeReplayMode();" ); ?></div>
         <div id="scaleControl"><label for="scale"><?php echo translate('Scale') ?></label><?php echo buildSelect( "scale", $scales, "changeScale();" ); ?></div>
       </div>
@@ -191,15 +191,15 @@ if ( ZM_WEB_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT ) {
       </div><!--imageFeed-->
 <?php } /*end if !DefaultVideo*/ ?>
         <p id="dvrControls">
-          <input type="button" value="&lt;+" id="prevBtn" title="<?php echo translate('Prev') ?>" class="inactive" onclick="streamPrev( true );"/>
-          <input type="button" value="&lt;&lt;" id="fastRevBtn" title="<?php echo translate('Rewind') ?>" class="inactive" onclick="streamFastRev( true );"/>
-          <input type="button" value="&lt;" id="slowRevBtn" title="<?php echo translate('StepBack') ?>" class="unavail" disabled="disabled" onclick="streamSlowRev( true );"/>
-          <input type="button" value="||" id="pauseBtn" title="<?php echo translate('Pause') ?>" class="inactive" onclick="pauseClicked();"/>
-          <input type="button" value="|>" id="playBtn" title="<?php echo translate('Play') ?>" class="active" disabled="disabled" onclick="playClicked();"/>
-          <input type="button" value="&gt;" id="slowFwdBtn" title="<?php echo translate('StepForward') ?>" class="unavail" disabled="disabled" onclick="streamSlowFwd( true );"/>
-          <input type="button" value="&gt;&gt;" id="fastFwdBtn" title="<?php echo translate('FastForward') ?>" class="inactive" onclick="streamFastFwd( true );"/>
-          <input type="button" value="&ndash;" id="zoomOutBtn" title="<?php echo translate('ZoomOut') ?>" class="unavail" disabled="disabled" onclick="streamZoomOut();"/>
-          <input type="button" value="+&gt;" id="nextBtn" title="<?php echo translate('Next') ?>" class="inactive" onclick="streamNext( true );"/>
+          <input type="button" value="&lt;+" id="prevBtn" title="<?php echo translate('Prev') ?>" class="inactive" data-on-click-true="streamPrev"/>
+          <input type="button" value="&lt;&lt;" id="fastRevBtn" title="<?php echo translate('Rewind') ?>" class="inactive" data-on-click-true="streamFastRev"/>
+          <input type="button" value="&lt;" id="slowRevBtn" title="<?php echo translate('StepBack') ?>" class="unavail" disabled="disabled" data-on-click-true="streamSlowRev"/>
+          <input type="button" value="||" id="pauseBtn" title="<?php echo translate('Pause') ?>" class="inactive" data-on-click="pauseClicked"/>
+          <input type="button" value="|>" id="playBtn" title="<?php echo translate('Play') ?>" class="active" disabled="disabled" data-on-click="playClicked"/>
+          <input type="button" value="&gt;" id="slowFwdBtn" title="<?php echo translate('StepForward') ?>" class="unavail" disabled="disabled" data-on-click-true="streamSlowFwd"/>
+          <input type="button" value="&gt;&gt;" id="fastFwdBtn" title="<?php echo translate('FastForward') ?>" class="inactive" data-on-click-true="streamFastFwd"/>
+          <input type="button" value="&ndash;" id="zoomOutBtn" title="<?php echo translate('ZoomOut') ?>" class="unavail" disabled="disabled" data-on-click="streamZoomOut"/>
+          <input type="button" value="+&gt;" id="nextBtn" title="<?php echo translate('Next') ?>" class="inactive" data-on-click-true="streamNext"/>
         </p>
         <div id="replayStatus">
           <span id="mode"><?php echo translate('Mode') ?>: <span id="modeValue">Replay</span></span>
@@ -217,8 +217,8 @@ if ( ZM_WEB_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT ) {
           <div id="eventImageFrame">
             <img id="eventImage" src="graphics/transparent.png" alt=""/>
             <div id="eventImageBar">
-              <div id="eventImageClose"><button type="button" onclick="hideEventImage()"><?php echo translate('Close') ?></button></div>
-              <div id="eventImageStats" class="hidden"><button type="button" onclick="showFrameStats()"><?php echo translate('Stats') ?></button></div>
+              <div id="eventImageClose"><button type="button" data-on-click="hideEventImage"><?php echo translate('Close') ?></button></div>
+              <div id="eventImageStats" class="hidden"><button type="button" data-on-click="showFrameStats"><?php echo translate('Stats') ?></button></div>
               <div id="eventImageData"><?php echo translate('Frame') ?> <span id="eventImageNo"></span></div>
             </div>
           </div>
@@ -233,12 +233,12 @@ if ( ZM_WEB_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT ) {
           </div>
           <div id="eventImageButtons">
             <div id="prevButtonsPanel">
-              <input id="prevEventBtn" type="button" value="&lt;E" onclick="prevEvent()" disabled="disabled"/>
-              <input id="prevThumbsBtn" type="button" value="&lt;&lt;" onclick="prevThumbs()" disabled="disabled"/>
-              <input id="prevImageBtn" type="button" value="&lt;" onclick="prevImage()" disabled="disabled"/>
-              <input id="nextImageBtn" type="button" value="&gt;" onclick="nextImage()" disabled="disabled"/>
-              <input id="nextThumbsBtn" type="button" value="&gt;&gt;" onclick="nextThumbs()" disabled="disabled"/>
-              <input id="nextEventBtn" type="button" value="E&gt;" onclick="nextEvent()" disabled="disabled"/>
+              <input id="prevEventBtn" type="button" value="&lt;E" data-on-click="prevEvent" disabled="disabled"/>
+              <input id="prevThumbsBtn" type="button" value="&lt;&lt;" data-on-click="prevThumbs" disabled="disabled"/>
+              <input id="prevImageBtn" type="button" value="&lt;" data-on-click="prevImage" disabled="disabled"/>
+              <input id="nextImageBtn" type="button" value="&gt;" data-on-click="nextImage" disabled="disabled"/>
+              <input id="nextThumbsBtn" type="button" value="&gt;&gt;" data-on-click="nextThumbs" disabled="disabled"/>
+              <input id="nextEventBtn" type="button" value="E&gt;" data-on-click="nextEvent" disabled="disabled"/>
             </div>
           </div>
         </div>
diff --git a/web/skins/classic/views/eventdetail.php b/web/skins/classic/views/eventdetail.php
index 388c7cfb2..2e959d445 100644
--- a/web/skins/classic/views/eventdetail.php
+++ b/web/skins/classic/views/eventdetail.php
@@ -108,7 +108,7 @@ if ( $mode == 'single' ) {
           <button type="submit" value="Save" <?php echo !canEdit('Events') ? ' disabled="disabled"' : '' ?>>
           <?php echo translate('Save') ?>
           </button>
-          <button type="button" onclick="closeWindow()"><?php echo translate('Cancel') ?></button>
+          <button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/export.php b/web/skins/classic/views/export.php
index 54fad211c..0565f6231 100644
--- a/web/skins/classic/views/export.php
+++ b/web/skins/classic/views/export.php
@@ -46,7 +46,7 @@ xhtmlHeaders(__FILE__, translate('Export') );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow()"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('ExportOptions') ?></h2>
     </div>
@@ -70,29 +70,29 @@ if ( !empty($_REQUEST['eid']) ) {
           <tbody>
             <tr>
               <th scope="row"><?php echo translate('ExportDetails') ?></th>
-              <td><input type="checkbox" name="exportDetail" value="1"<?php if ( !empty($_REQUEST['exportDetail']) ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/></td>
+              <td><input type="checkbox" name="exportDetail" value="1"<?php if ( !empty($_REQUEST['exportDetail']) ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/></td>
             </tr>
             <tr>
               <th scope="row"><?php echo translate('ExportFrames') ?></th>
-              <td><input type="checkbox" name="exportFrames" value="1"<?php if ( !empty($_REQUEST['exportFrames']) ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/></td>
+              <td><input type="checkbox" name="exportFrames" value="1"<?php if ( !empty($_REQUEST['exportFrames']) ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/></td>
             </tr>
             <tr>
               <th scope="row"><?php echo translate('ExportImageFiles') ?></th>
-              <td><input type="checkbox" name="exportImages" value="1"<?php if ( !empty($_REQUEST['exportImages']) ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/></td>
+              <td><input type="checkbox" name="exportImages" value="1"<?php if ( !empty($_REQUEST['exportImages']) ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/></td>
             </tr>
             <tr>
               <th scope="row"><?php echo translate('ExportVideoFiles') ?></th>
-              <td><input type="checkbox" name="exportVideo" value="1"<?php if ( !empty($_REQUEST['exportVideo']) ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/></td>
+              <td><input type="checkbox" name="exportVideo" value="1"<?php if ( !empty($_REQUEST['exportVideo']) ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/></td>
             </tr>
             <tr>
               <th scope="row"><?php echo translate('ExportMiscFiles') ?></th>
-              <td><input type="checkbox" name="exportMisc" value="1"<?php if ( !empty($_REQUEST['exportMisc']) ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/></td>
+              <td><input type="checkbox" name="exportMisc" value="1"<?php if ( !empty($_REQUEST['exportMisc']) ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/></td>
             </tr>
             <tr>
               <th scope="row"><?php echo translate('ExportFormat') ?></th>
               <td>
-                <input type="radio" id="exportFormatTar" name="exportFormat" value="tar"<?php if ( isset($_REQUEST['exportFormat']) && $_REQUEST['exportFormat'] == "tar" ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/><label for="exportFormatTar"><?php echo translate('ExportFormatTar') ?></label>
-                <input type="radio" id="exportFormatZip" name="exportFormat" value="zip"<?php if ( isset($_REQUEST['exportFormat']) && $_REQUEST['exportFormat'] == "zip" ) { ?> checked="checked"<?php } ?> onclick="configureExportButton( this )"/><label for="exportFormatZip"><?php echo translate('ExportFormatZip') ?></label>
+                <input type="radio" id="exportFormatTar" name="exportFormat" value="tar"<?php if ( isset($_REQUEST['exportFormat']) && $_REQUEST['exportFormat'] == "tar" ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/><label for="exportFormatTar"><?php echo translate('ExportFormatTar') ?></label>
+                <input type="radio" id="exportFormatZip" name="exportFormat" value="zip"<?php if ( isset($_REQUEST['exportFormat']) && $_REQUEST['exportFormat'] == "zip" ) { ?> checked="checked"<?php } ?> data-on-click-this="configureExportButton"/><label for="exportFormatZip"><?php echo translate('ExportFormatZip') ?></label>
               </td>
             </tr>
           </tbody>
diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php
index 516c5d0f4..1edc4b2ab 100644
--- a/web/skins/classic/views/filter.php
+++ b/web/skins/classic/views/filter.php
@@ -296,8 +296,8 @@ for ( $i=0; $i < count($terms); $i++ ) {
 ?>
               <td><?php if ( count($terms) > 2 ) { echo htmlSelect("filter[Query][terms][$i][cbr]", $cbracketTypes, $term['cbr']); } else { ?>&nbsp;<?php } ?></td>
               <td>
-                <input type="button" onclick="addTerm(this)" value="+"/>
-                <input type="button" onclick="delTerm(this)" value="-" <?php echo count($terms) == 1 ? 'disabled' : '' ?>/>
+                <input type="button" data-on-click-this="addTerm" value="+"/>
+                <input type="button" data-on-click-this="delTerm" value="-" <?php echo count($terms) == 1 ? 'disabled' : '' ?>/>
               </td>
             </tr>
 <?php
@@ -346,17 +346,17 @@ echo htmlSelect( 'filter[Query][sort_asc]', $sort_dirns, $filter->sort_asc() );
         <div id="actionsTable" class="filterTable">
             <p>
               <label><?php echo translate('FilterArchiveEvents') ?></label>
-              <input type="checkbox" name="filter[AutoArchive]" value="1"<?php if ( $filter->AutoArchive() ) { ?> checked="checked"<?php } ?> onclick="updateButtons( this )"/>
+              <input type="checkbox" name="filter[AutoArchive]" value="1"<?php if ( $filter->AutoArchive() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
             <p><label><?php echo translate('FilterUpdateDiskSpace') ?></label>
-              <input type="checkbox" name="filter[UpdateDiskSpace]" value="1"<?php echo !$filter->UpdateDiskSpace() ? '' : ' checked="checked"' ?> onclick="updateButtons(this);"/>
+              <input type="checkbox" name="filter[UpdateDiskSpace]" value="1"<?php echo !$filter->UpdateDiskSpace() ? '' : ' checked="checked"' ?> data-on-click-this="updateButtons"/>
             </p>
 <?php
 if ( ZM_OPT_FFMPEG ) {
 ?>
             <p>
               <label><?php echo translate('FilterVideoEvents') ?></label>
-              <input type="checkbox" name="filter[AutoVideo]" value="1"<?php if ( $filter->AutoVideo() ) { ?> checked="checked"<?php } ?> onclick="updateButtons( this )"/>
+              <input type="checkbox" name="filter[AutoVideo]" value="1"<?php if ( $filter->AutoVideo() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
 <?php
 }
@@ -364,7 +364,7 @@ if ( ZM_OPT_UPLOAD ) {
 ?>
             <p>
               <label><?php echo translate('FilterUploadEvents') ?></label>
-              <input type="checkbox" name="filter[AutoUpload]" value="1"<?php if ( $filter->AutoUpload() ) { ?> checked="checked"<?php } ?> onclick="updateButtons( this )"/>
+              <input type="checkbox" name="filter[AutoUpload]" value="1"<?php if ( $filter->AutoUpload() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
 <?php
 }
@@ -372,7 +372,7 @@ if ( ZM_OPT_EMAIL ) {
 ?>
             <p>
               <label><?php echo translate('FilterEmailEvents') ?></label>
-              <input type="checkbox" name="filter[AutoEmail]" value="1"<?php if ( $filter->AutoEmail() ) { ?> checked="checked"<?php } ?> onclick="updateButtons( this )"/>
+              <input type="checkbox" name="filter[AutoEmail]" value="1"<?php if ( $filter->AutoEmail() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
 <?php
 }
@@ -380,7 +380,7 @@ if ( ZM_OPT_MESSAGE ) {
 ?>
             <p>
               <label><?php echo translate('FilterMessageEvents') ?></label>
-              <input type="checkbox" name="filter[AutoMessage]" value="1"<?php if ( $filter->AutoMessage() ) { ?> checked="checked"<?php } ?> onclick="updateButtons( this )"/>
+              <input type="checkbox" name="filter[AutoMessage]" value="1"<?php if ( $filter->AutoMessage() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
 <?php
 }
@@ -388,11 +388,11 @@ if ( ZM_OPT_MESSAGE ) {
             <p>
               <label><?php echo translate('FilterExecuteEvents') ?></label>
               <input type="checkbox" name="filter[AutoExecute]" value="1"<?php if ( $filter->AutoExecute() ) { ?> checked="checked"<?php } ?>/>
-              <input type="text" name="filter[AutoExecuteCmd]" value="<?php echo (null !==$filter->AutoExecuteCmd())?$filter->AutoExecuteCmd():'' ?>" maxlength="255" onchange="updateButtons( this )"/>
+              <input type="text" name="filter[AutoExecuteCmd]" value="<?php echo (null !==$filter->AutoExecuteCmd())?$filter->AutoExecuteCmd():'' ?>" maxlength="255" data-on-change="updateButtons"/>
             </p>
             <p>
               <label><?php echo translate('FilterDeleteEvents') ?></label>
-              <input type="checkbox" name="filter[AutoDelete]" value="1"<?php if ( $filter->AutoDelete() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this)"/>
+              <input type="checkbox" name="filter[AutoDelete]" value="1"<?php if ( $filter->AutoDelete() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
             <p><label><?php echo translate('FilterMoveEvents') ?></label>
               <input type="checkbox" name="filter[AutoMove]" value="1"<?php if ( $filter->AutoMove() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/>
@@ -400,22 +400,22 @@ if ( ZM_OPT_MESSAGE ) {
             </p>
             <p>
               <label for="background"><?php echo translate('BackgroundFilter') ?></label>
-              <input type="checkbox" id="filter[Background]" name="filter[Background]" value="1"<?php if ( $filter->Background() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);"/>
+              <input type="checkbox" id="filter[Background]" name="filter[Background]" value="1"<?php if ( $filter->Background() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
             <p>
               <label for="Concurrent"><?php echo translate('ConcurrentFilter') ?></label>
-              <input type="checkbox" id="filter[Concurrent]" name="filter[Concurrent]" value="1"<?php if ( $filter->Concurrent() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);"/>
+              <input type="checkbox" id="filter[Concurrent]" name="filter[Concurrent]" value="1"<?php if ( $filter->Concurrent() ) { ?> checked="checked"<?php } ?> data-on-click-this="updateButtons"/>
             </p>
         </div>
         <hr/>
         <div id="contentButtons">
-          <button type="submit" onclick="submitToEvents(this);"><?php echo translate('ListMatches') ?></button>
-          <button type="submit" name="executeButton" id="executeButton" onclick="executeFilter( this );"><?php echo translate('Execute') ?></button>
+          <button type="submit" data-on-click-this="submitToEvents"><?php echo translate('ListMatches') ?></button>
+          <button type="submit" name="executeButton" id="executeButton" data-on-click-this="executeFilter"><?php echo translate('Execute') ?></button>
 <?php 
 if ( canEdit('Events') ) {
 ?>
-          <button type="submit" name="Save" value="Save" onclick="saveFilter(this);"><?php echo translate('Save') ?></button>
-          <button type="submit" name="SaveAs" value="SaveAs" onclick="saveFilter(this);"><?php echo translate('SaveAs') ?></button>
+          <button type="submit" name="Save" value="Save" data-on-click-this="saveFilter"><?php echo translate('Save') ?></button>
+          <button type="submit" name="SaveAs" value="SaveAs" data-on-click-this="saveFilter"><?php echo translate('SaveAs') ?></button>
 <?php 
   if ( $filter->Id() ) {
  ?>
@@ -424,7 +424,7 @@ if ( canEdit('Events') ) {
   }
 }
 ?>
-          <button type="button" value="Reset" onclick="resetFilter( this );"><?php echo translate('Reset') ?></button>
+          <button type="button" value="Reset" data-on-click-this="resetFilter"><?php echo translate('Reset') ?></button>
         </div>
       </form>
     </div><!--content-->
diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php
index f27f004c3..bd8fc6bfd 100644
--- a/web/skins/classic/views/frames.php
+++ b/web/skins/classic/views/frames.php
@@ -35,7 +35,7 @@ xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id() );
 <body>
   <div id="page">
     <div id="header">
-      <div id="headerButtons"><a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a></div>
+      <div id="headerButtons"><a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a></div>
       <h2><?php echo translate('Frames') ?> - <?php echo $Event->Id() ?></h2>
     </div>
     <div id="content">
diff --git a/web/skins/classic/views/function.php b/web/skins/classic/views/function.php
index 8864fb07e..e92c2ed0c 100644
--- a/web/skins/classic/views/function.php
+++ b/web/skins/classic/views/function.php
@@ -54,7 +54,7 @@ foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) {
         </p>
         <div id="contentButtons">
           <button type="submit" value="Save"><?php echo translate('Save') ?></button>
-          <button type="button" onclick="closeWindow()"><?php echo translate('Cancel') ?></button>
+          <button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/group.php b/web/skins/classic/views/group.php
index 49fb558b2..a36e43f0a 100644
--- a/web/skins/classic/views/group.php
+++ b/web/skins/classic/views/group.php
@@ -121,7 +121,7 @@ echo htmlSelect('newGroup[ParentId]', $options, $newGroup->ParentId(), array('on
           <button type="submit" name="action" value="Save"<?php $newGroup->Id() ? '' : ' disabled="disabled"'?>>
           <?php echo translate('Save') ?>
           </button>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/groups.php b/web/skins/classic/views/groups.php
index 2e3c4faae..a1cfec231 100644
--- a/web/skins/classic/views/groups.php
+++ b/web/skins/classic/views/groups.php
@@ -72,7 +72,7 @@ function group_line( $Group ) {
     $html .= validHtmlStr($Group->Name());
   }
   $html .= '</td><td class="colIds">'. monitorIdsToNames($Group->MonitorIds(), 30).'</td>
-                <td class="colSelect"><input type="checkbox" name="gid[]" value="'. $Group->Id() .'" onclick="configureButtons(this);"/></td>
+                <td class="colSelect"><input type="checkbox" name="gid[]" value="'. $Group->Id() .'" data-on-click-this="configureButtons"/></td>
               </tr>
   ';
   if ( isset( $children[$Group->Id()] ) ) {
@@ -89,10 +89,10 @@ if ( isset( $children[null] ) )
           </tbody>
         </table>
         <div id="contentButtons">
-          <button type="button" value="New" onclick="newGroup();"<?php echo canEdit('Groups')?'':' disabled="disabled"' ?>>
+          <button type="button" value="New" data-on-click="newGroup"<?php echo canEdit('Groups')?'':' disabled="disabled"' ?>>
           <?php echo translate('New') ?>
           </button>
-          <button type="button" name="deleteBtn" value="Delete" onclick="deleteGroup(this);" disabled="disabled">
+          <button type="button" name="deleteBtn" value="Delete" data-on-click-this="deleteGroup" disabled="disabled">
           <?php echo translate('Delete') ?>
           </button>
         </div>
diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js
index 461025b1a..954b7efc1 100644
--- a/web/skins/classic/views/js/filter.js
+++ b/web/skins/classic/views/js/filter.js
@@ -24,7 +24,8 @@ function validateForm ( form ) {
   return true;
 }
 
-function updateButtons( element ) {
+function updateButtons() {
+  var element = this;
   var form = element.form;
 
   if ( element.type == 'checkbox' && element.checked ) {
diff --git a/web/skins/classic/views/log.php b/web/skins/classic/views/log.php
index d13381e2f..b02ec028e 100644
--- a/web/skins/classic/views/log.php
+++ b/web/skins/classic/views/log.php
@@ -45,11 +45,11 @@ xhtmlHeaders(__FILE__, translate('SystemLog') );
         <tr class="row">
 	        <td class="col text-center">
             <div class="btn-group">
-              <button type="button" onclick="expandLog()"><?php echo translate('More') ?></button>
-              <button type="button" onclick="clearLog()"><?php echo translate('Clear') ?></button>
-              <button type="button" onclick="refreshLog()"><?php echo translate('Refresh') ?></button>
-              <button type="button" onclick="exportLog()"><?php echo translate('Export') ?></button>
-              <button type="button" onclick="closeWindow()"><?php echo translate('Close') ?></button>
+              <button type="button" data-on-click="expandLog"><?php echo translate('More') ?></button>
+              <button type="button" data-on-click="clearLog"><?php echo translate('Clear') ?></button>
+              <button type="button" data-on-click="refreshLog"><?php echo translate('Refresh') ?></button>
+              <button type="button" data-on-click="exportLog"><?php echo translate('Export') ?></button>
+              <button type="button" data-on-click="closeWindow"><?php echo translate('Close') ?></button>
             </div> <!--btn-->
           </td>
         </tr>
@@ -62,33 +62,33 @@ xhtmlHeaders(__FILE__, translate('SystemLog') );
         <tr class="row">
           <td class="col">
             <?php echo translate('Component') ?>
-            <select class="form-control chosen" id="filter[Component]" onchange="filterLog(this)"><option value="">-----</option></select>
+            <select class="form-control chosen" id="filter[Component]" data-on-change="filterLog"><option value="">-----</option></select>
           </td>
           <td class="col">
             <?php echo translate('Server') ?>
-            <select class="form-control chosen" id="filter[ServerId]" onchange="filterLog(this)"><option value="">-----</option></select>
+            <select class="form-control chosen" id="filter[ServerId]" data-on-change="filterLog"><option value="">-----</option></select>
           </td>
           <td class="col">
             <?php echo translate('Pid') ?>
-            <select class="form-control chosen" id="filter[Pid]" onchange="filterLog(this)"><option value="">-----</option></select>
+            <select class="form-control chosen" id="filter[Pid]" data-on-change="filterLog"><option value="">-----</option></select>
           </td>
         </tr>
         <tr class="row">
           <td class="col">
             <?php echo translate('Level') ?>
-            <select class="form-control chosen" id="filter[Level]" onchange="filterLog(this)"><option value="">---</option></select>
+            <select class="form-control chosen" id="filter[Level]" data-on-change="filterLog"><option value="">---</option></select>
           </td>
           <td class="col">
             <?php echo translate('File') ?>
-            <select class="form-control chosen" id="filter[File]" onchange="filterLog(this)"><option value="">------</option></select>
+            <select class="form-control chosen" id="filter[File]" data-on-change="filterLog"><option value="">------</option></select>
           </td>
           <td  class="col">
             <?php echo translate('Line') ?>
-            <select class="form-control chosen" id="filter[Line]" onchange="filterLog(this)"><option value="">----</option></select>
+            <select class="form-control chosen" id="filter[Line]" data-on-change="filterLog"><option value="">----</option></select>
           </td>
         </tr>
       </table>
-      <button type="reset" onclick="resetLog()"><?php echo translate('Reset') ?></button>
+      <button type="reset" data-on-click="resetLog"><?php echo translate('Reset') ?></button>
     </div>
     <form name="logForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
       <input type="hidden" name="view" value="<?php echo $view ?>"/>
@@ -136,7 +136,7 @@ xhtmlHeaders(__FILE__, translate('SystemLog') );
           <div id="exportError">
             <?php echo translate('ExportFailed') ?>: <span id="exportErrorText"></span>
           </div>
-          <button type="button" id="exportButton" value="Export" onclick="exportRequest()"><?php echo translate('Export') ?></button>
+          <button type="button" id="exportButton" value="Export" data-on-click="exportRequest"><?php echo translate('Export') ?></button>
           <button type="button" value="Cancel" class="overlayCloser"><?php echo translate('Cancel') ?></button>
         </form>
       </div>
diff --git a/web/skins/classic/views/logout.php b/web/skins/classic/views/logout.php
index 13c000b88..e69f76d21 100644
--- a/web/skins/classic/views/logout.php
+++ b/web/skins/classic/views/logout.php
@@ -39,7 +39,7 @@ if ( ZM_USER_SELF_EDIT ) {
   echo makePopupButton('?view=user&uid=' . $user['Id'], 'zmUser', 'user', translate('Config'));
 }
 ?>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow();"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </p>
       </form>
     </div>
diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php
index faa74e7b0..493bedda5 100644
--- a/web/skins/classic/views/monitor.php
+++ b/web/skins/classic/views/monitor.php
@@ -1044,7 +1044,7 @@ if ( $monitor->Type() == 'Local' ) {
         </table>
         <div id="contentButtons">
           <button type="submit" value="Save"<?php echo canEdit('Monitors') ? '' : ' disabled="disabled"' ?>><?php echo translate('Save') ?></button>
-          <button onclick="closeWindow()"><?php echo translate('Cancel') ?></button>
+          <button data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/monitorpreset.php b/web/skins/classic/views/monitorpreset.php
index 0603f9d56..4a576554e 100644
--- a/web/skins/classic/views/monitorpreset.php
+++ b/web/skins/classic/views/monitorpreset.php
@@ -51,7 +51,8 @@ xhtmlHeaders(__FILE__, translate('MonitorPreset') );
           <label for="preset"><?php echo translate('Preset') ?></label><?php echo buildSelect( "preset", $presets, 'configureButtons( this )' ); ?>
         </p>
         <div id="contentButtons">
-          <input type="submit" name="saveBtn" value="<?php echo translate('Save') ?>" onclick="submitPreset( this )" disabled="disabled"/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="submit" name="saveBtn" value="<?php echo translate('Save') ?>" data-on-click-this="submitPreset" disabled="disabled"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/monitorprobe.php b/web/skins/classic/views/monitorprobe.php
index 1ce8f999c..ef5fc0b20 100644
--- a/web/skins/classic/views/monitorprobe.php
+++ b/web/skins/classic/views/monitorprobe.php
@@ -333,9 +333,9 @@ xhtmlHeaders(__FILE__, translate('MonitorProbe') );
           <?php echo buildSelect('probe', $cameras, 'configureButtons(this)'); ?>
         </p>
         <div id="contentButtons">
-        <button type="button" name="saveBtn" value="Save" onclick="submitCamera(this);" disabled="disabled">
+        <button type="button" name="saveBtn" value="Save" data-on-click-this="submitCamera" disabled="disabled">
         <?php echo translate('Save') ?></button>
-        <button type="button" onclick="closeWindow();"><?php echo translate('Cancel') ?></button>
+        <button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/monitors.php b/web/skins/classic/views/monitors.php
index ff57a4edf..d94e71632 100644
--- a/web/skins/classic/views/monitors.php
+++ b/web/skins/classic/views/monitors.php
@@ -88,7 +88,7 @@ The following monitors will have these settings update when you click Save:<br/>
         </p>
         <div id="contentButtons">
           <button type="submit" value="Save"><?php echo translate('Save') ?></button>
-          <button type="button" onclick="closeWindow()"><?php echo translate('Cancel') ?></button>
+          <button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/montage.php b/web/skins/classic/views/montage.php
index 4808b0598..df70a04c7 100644
--- a/web/skins/classic/views/montage.php
+++ b/web/skins/classic/views/montage.php
@@ -179,11 +179,11 @@ if ( $showZones ) {
             <?php echo htmlSelect('zmMontageLayout', $layoutsById, $layout_id, array('onchange'=>'selectLayout(this);', 'id'=>'zmMontageLayout')); ?>
           </span>
           <input type="hidden" name="Positions"/>
-          <input type="button" id="EditLayout" value="<?php echo translate('EditLayout') ?>" onclick="edit_layout(this);"/>
+          <input type="button" id="EditLayout" value="<?php echo translate('EditLayout') ?>" data-on-click-this="edit_layout"/>
           <span id="SaveLayout" style="display:none;">
             <input type="text" name="Name" placeholder="Enter new name for layout if desired" />
-            <input type="button" value="<?php echo translate('Save') ?>" onclick="save_layout(this);"/>
-            <input type="button" value="Cancel" onclick="cancel_layout(this);"/>
+            <input type="button" value="<?php echo translate('Save') ?>" data-on-click-this="save_layout"/>
+            <input type="button" value="Cancel" data-on-click-this="cancel_layout"/>
           </span>
         </form>
       </div>
diff --git a/web/skins/classic/views/montagereview.php b/web/skins/classic/views/montagereview.php
index 2fea36ae0..039938824 100644
--- a/web/skins/classic/views/montagereview.php
+++ b/web/skins/classic/views/montagereview.php
@@ -255,19 +255,19 @@ xhtmlHeaders(__FILE__, translate('MontageReview') );
         <span id="speedslideroutput"><?php echo $speeds[$speedIndex] ?> fps</span>
       </div>
       <div id="ButtonsDiv">
-        <button type="button" id="panleft"   onclick="click_panleft();"    >&lt; <?php echo translate('Pan') ?></button>
-        <button type="button" id="zoomin"    onclick="click_zoomin();"     ><?php echo translate('In +') ?></button>
-        <button type="button" id="zoomout"   onclick="click_zoomout();"    ><?php echo translate('Out -') ?></button>
-        <button type="button" id="lasteight" onclick="click_lastEight();"  ><?php echo translate('8 Hour') ?></button>
-        <button type="button" id="lasthour"  onclick="click_lastHour();"   ><?php echo translate('1 Hour') ?></button>
-        <button type="button" id="allof"     onclick="click_all_events();" ><?php echo translate('All Events') ?></button>
+        <button type="button" id="panleft"   data-on-click="click_panleft"    >&lt; <?php echo translate('Pan') ?></button>
+        <button type="button" id="zoomin"    data-on-click="click_zoomin"     ><?php echo translate('In +') ?></button>
+        <button type="button" id="zoomout"   data-on-click="click_zoomout"    ><?php echo translate('Out -') ?></button>
+        <button type="button" id="lasteight" data-on-click="click_lastEight"  ><?php echo translate('8 Hour') ?></button>
+        <button type="button" id="lasthour"  data-on-click="click_lastHour"   ><?php echo translate('1 Hour') ?></button>
+        <button type="button" id="allof"     data-on-click="click_all_events" ><?php echo translate('All Events') ?></button>
         <button type="button" id="liveButton"      onclick="setLive(1-liveMode); console.log('live');return false;"><?php echo translate('Live') ?></button>
         <button type="button" id="fit"       onclick="setFit(1-fitMode);"  ><?php echo translate('Fit') ?></button>
-        <button type="button" id="panright"  onclick="click_panright();"   ><?php echo translate('Pan') ?> &gt;</button>
+        <button type="button" id="panright"  data-on-click="click_panright"   ><?php echo translate('Pan') ?> &gt;</button>
 <?php
 if ( (!$liveMode) and (count($displayMonitors) != 0) ) {
 ?>
-        <button type="button" id="downloadVideo" onclick="click_download();"><?php echo translate('Download Video') ?></button>
+        <button type="button" id="downloadVideo" data-on-click="click_download"><?php echo translate('Download Video') ?></button>
 <?php
 }
 ?>
diff --git a/web/skins/classic/views/onvifprobe.php b/web/skins/classic/views/onvifprobe.php
index ddbd895b6..ecbd69ec9 100644
--- a/web/skins/classic/views/onvifprobe.php
+++ b/web/skins/classic/views/onvifprobe.php
@@ -193,8 +193,8 @@ if ( !isset($_REQUEST['step']) || ($_REQUEST['step'] == '1') ) {
           <input type="password" name="password" value=""onChange="configureButtons(this)"/>
         </p>
         <div id="contentButtons">
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
-          <input type="submit" name="nextBtn" value="<?php echo translate('Next') ?>" onclick="gotoStep2(this)" disabled="disabled"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
+          <input type="submit" name="nextBtn" value="<?php echo translate('Next') ?>" data-on-click-this="gotoStep2" disabled="disabled"/>
         </div>
       </form>
     </div>
@@ -260,9 +260,9 @@ if ( !isset($_REQUEST['step']) || ($_REQUEST['step'] == '1') ) {
           <?php echo htmlSelect('probe', $profiles, null, array('onchange'=>'configureButtons(this)')); ?>
         </p>
         <div id="contentButtons">
-          <input type="button" name="prevBtn" value="<?php echo translate('Prev') ?>" onclick="gotoStep1(this)"/>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
-          <input type="submit" name="saveBtn" value="<?php echo translate('Save') ?>" onclick="submitCamera(this)" disabled="disabled"/>
+          <input type="button" name="prevBtn" value="<?php echo translate('Prev') ?>" data-on-click-this="gotoStep1"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
+          <input type="submit" name="saveBtn" value="<?php echo translate('Save') ?>" data-on-click-this="submitCamera" disabled="disabled"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/optionhelp.php b/web/skins/classic/views/optionhelp.php
index 573da2f0d..b5a596549 100644
--- a/web/skins/classic/views/optionhelp.php
+++ b/web/skins/classic/views/optionhelp.php
@@ -36,7 +36,7 @@ xhtmlHeaders(__FILE__, translate('OptionHelp') );
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('OptionHelp') ?></h2>
     </div>
diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php
index 52df17b02..854f9e362 100644
--- a/web/skins/classic/views/options.php
+++ b/web/skins/classic/views/options.php
@@ -185,7 +185,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
               <td class="colSystem"><?php echo validHtmlStr($row['System']) ?></td>
               <td class="colBandwidth"><?php echo $row['MaxBandwidth']?$bandwidth_options[$row['MaxBandwidth']]:'&nbsp;' ?></td>
               <td class="colMonitor"><?php echo $row['MonitorIds']?(join( ", ", $userMonitors )):"&nbsp;" ?></td>
-              <td class="colMark"><input type="checkbox" name="markUids[]" value="<?php echo $row['Id'] ?>" onclick="configureDeleteButton( this );"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
+              <td class="colMark"><input type="checkbox" name="markUids[]" value="<?php echo $row['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
             </tr>
 <?php
     }
@@ -252,7 +252,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
               <td class="colAudit"><?php echo makePopupLink('?view=server&amp;id='.$Server->Id(), 'zmServer', 'server', $Server->zmaudit() ? 'yes' : 'no', $canEdit) ?></td>
               <td class="colTrigger"><?php echo makePopupLink('?view=server&amp;id='.$Server->Id(), 'zmServer', 'server', $Server->zmtrigger() ? 'yes' : 'no', $canEdit) ?></td>
 
-              <td class="colMark"><input type="checkbox" name="markIds[]" value="<?php echo $Server->Id() ?>" onclick="configureDeleteButton(this);"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
+              <td class="colMark"><input type="checkbox" name="markIds[]" value="<?php echo $Server->Id() ?>" data-on-click-this="configureDeleteButton"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
 			</tr>
 <?php } #end foreach Server ?>
           </tbody>
@@ -293,7 +293,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
               <td class="colServer"><?php
               echo makePopupLink('?view=storage&amp;id='.$Storage->Id(), 'zmStorage', 'storage', validHtmlStr($Storage->Name()), $canEdit ) ?></td>
               <td class="colDiskSpace"><?php echo human_filesize($Storage->disk_used_space()) . ' of ' . human_filesize($Storage->disk_total_space()) ?></td>
-              <td class="colMark"><input type="checkbox" name="markIds[]" value="<?php echo $Storage->Id() ?>" onclick="configureDeleteButton(this);"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
+              <td class="colMark"><input type="checkbox" name="markIds[]" value="<?php echo $Storage->Id() ?>" data-on-click-this="configureDeleteButton"<?php if ( !$canEdit ) { ?> disabled="disabled"<?php } ?>/></td>
             </tr>
 <?php } #end foreach Server ?>
           </tbody>
diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php
index dd7de246a..7b4cf85ca 100644
--- a/web/skins/classic/views/plugin.php
+++ b/web/skins/classic/views/plugin.php
@@ -158,7 +158,8 @@ foreach($pluginOptions as $name => $popt)
 ?>
             </tbody>
           </table>
-          <input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/privacy.php b/web/skins/classic/views/privacy.php
index 1480c2973..9bd283b4a 100644
--- a/web/skins/classic/views/privacy.php
+++ b/web/skins/classic/views/privacy.php
@@ -65,7 +65,7 @@ xhtmlHeaders(__FILE__, translate('Privacy') );
         <p><?php echo buildSelect( "option", $options ); ?></p>
 
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Apply') ?>" onclick="submitForm( this )">
+          <input type="submit" value="<?php echo translate('Apply') ?>" data-on-click-this="submitForm">
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/server.php b/web/skins/classic/views/server.php
index 42dd5fc6f..a4e60c3f2 100644
--- a/web/skins/classic/views/server.php
+++ b/web/skins/classic/views/server.php
@@ -99,7 +99,7 @@ xhtmlHeaders(__FILE__, translate('Server').' - '.$Server->Name());
         <div id="contentButtons">
           <input type="hidden" name="action" value="Save"/>
           <input type="submit" value="<?php echo translate('Save') ?>"/>
-          <input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow();"/>
+          <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/settings.php b/web/skins/classic/views/settings.php
index e5ac9707b..2ed9e7c5d 100644
--- a/web/skins/classic/views/settings.php
+++ b/web/skins/classic/views/settings.php
@@ -69,7 +69,7 @@ xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings'
           </tbody>
         </table>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Close') ?>" onclick="closeWindow()"/>
+          <input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/storage.php b/web/skins/classic/views/storage.php
index 3aecdb042..49c8d4dec 100644
--- a/web/skins/classic/views/storage.php
+++ b/web/skins/classic/views/storage.php
@@ -104,7 +104,7 @@ xhtmlHeaders(__FILE__, translate('Storage')." - ".$newStorage['Name'] );
         </table>
         <div id="contentButtons">
           <button name="action" type="submit" value="Save"><?php echo translate('Save') ?></button>
-          <button type="button" onclick="closeWindow();"><?php echo translate('Cancel') ?></button>
+          <button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/user.php b/web/skins/classic/views/user.php
index 028ce439d..ee0c7428c 100644
--- a/web/skins/classic/views/user.php
+++ b/web/skins/classic/views/user.php
@@ -153,7 +153,7 @@ if ( canEdit( 'System' ) )
           </tbody>
         </table>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" onclick="closeWindow()"/>
+          <input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
     </div>
diff --git a/web/skins/classic/views/version.php b/web/skins/classic/views/version.php
index e2db1de68..70590eb2b 100644
--- a/web/skins/classic/views/version.php
+++ b/web/skins/classic/views/version.php
@@ -55,7 +55,7 @@ if ( ZM_DYN_DB_VERSION && (ZM_DYN_DB_VERSION != ZM_VERSION) )
       <p class="errorText"><?php echo sprintf( $CLANG['VersionMismatch'], ZM_VERSION, ZM_DYN_DB_VERSION ) ?></p>
       <p><?php echo translate('RunLocalUpdate') ?></p>
       <div id="contentButtons">
-        <input type="button" value="<?php echo translate('Close') ?>" onclick="closeWindow()"/>
+        <input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/>
       </div>
 <?php
 }
@@ -64,9 +64,9 @@ elseif ( verNum( ZM_DYN_LAST_VERSION ) <= verNum( ZM_VERSION ) )
 ?>
       <p><?php echo sprintf( $CLANG['RunningRecentVer'], ZM_VERSION ) ?></p>
       <p><?php echo translate('UpdateNotNecessary') ?></p>
-      <p><input type="button" value="<?php echo translate('GoToZoneMinder') ?>" onclick="zmWindow()"/></p>
+      <p><input type="button" value="<?php echo translate('GoToZoneMinder') ?>" data-on-click="zmWindow"/></p>
       <div id="contentButtons">
-        <input type="button" value="<?php echo translate('Close') ?>" onclick="closeWindow()"/>
+        <input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/>
       </div>
 <?php
 }
@@ -80,8 +80,8 @@ else
         <p><?php echo sprintf( $CLANG['LatestRelease'], ZM_DYN_LAST_VERSION, ZM_VERSION ) ?></p>
         <p><?php echo buildSelect( "option", $options ); ?></p>
         <div id="contentButtons">
-          <input type="submit" value="<?php echo translate('Apply') ?>" onclick="submitForm( this )"/>
-          <input type="button" value="<?php echo translate('Close') ?>" onclick="closeWindow()"/>
+          <input type="submit" value="<?php echo translate('Apply') ?>" data-on-click-this="submitForm"/>
+          <input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/>
         </div>
       </form>
 <?php
diff --git a/web/skins/classic/views/video.php b/web/skins/classic/views/video.php
index 2a6a41424..85a8abb6c 100644
--- a/web/skins/classic/views/video.php
+++ b/web/skins/classic/views/video.php
@@ -106,7 +106,7 @@ xhtmlHeaders(__FILE__, translate('Video'));
   <div id="page">
     <div id="header">
       <div id="headerButtons">
-        <a href="#" onclick="closeWindow()"><?php echo translate('Close') ?></a>
+        <a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
       </div>
       <h2><?php echo translate('Video') ?></h2>
     </div>
diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php
index e6759dc39..786867eec 100644
--- a/web/skins/classic/views/watch.php
+++ b/web/skins/classic/views/watch.php
@@ -93,8 +93,8 @@ if ( canView('Control') && $monitor->Type() == 'Local' ) {
 if ( canEdit('Monitors') ) {
 ?>
         <div id="forceCancelAlarm">
-            <a id="forceAlarmLink" href="#" onclick="cmdForceAlarm();"><?php echo translate('ForceAlarm') ?></a>
-            <a id="cancelAlarmLink" href="#" onclick="cmdCancelForcedAlarm();" class="hidden"><?php echo translate('CancelForcedAlarm') ?></a>
+            <a id="forceAlarmLink" href="#" data-on-click="cmdForceAlarm"><?php echo translate('ForceAlarm') ?></a>
+            <a id="cancelAlarmLink" href="#" data-on-click="cmdCancelForcedAlarm" class="hidden"><?php echo translate('CancelForcedAlarm') ?></a>
         </div>
 <?php
 }
@@ -106,23 +106,23 @@ if ( canEdit('Monitors') ) {
 if ( $streamMode == 'jpeg' ) {
   if ( $monitor->StreamReplayBuffer() != 0 ) {
 ?>
-        <input type="button" value="&lt;&lt;" id="fastRevBtn" title="<?php echo translate('Rewind') ?>" class="unavail" disabled="disabled" onclick="streamCmdFastRev(true)"/>
-        <input type="button" value="&lt;" id="slowRevBtn" title="<?php echo translate('StepBack') ?>" class="unavail" disabled="disabled" onclick="streamCmdSlowRev(true)"/>
+        <input type="button" value="&lt;&lt;" id="fastRevBtn" title="<?php echo translate('Rewind') ?>" class="unavail" disabled="disabled" data-on-click-true="streamCmdFastRev"/>
+        <input type="button" value="&lt;" id="slowRevBtn" title="<?php echo translate('StepBack') ?>" class="unavail" disabled="disabled" data-on-click-true="streamCmdSlowRev"/>
 <?php 
   }
 ?>
-        <input type="button" value="||" id="pauseBtn" title="<?php echo translate('Pause') ?>" class="inactive" onclick="streamCmdPause(true)"/>
-        <input type="button" value="[]" id="stopBtn" title="<?php echo translate('Stop') ?>" class="unavail" disabled="disabled" onclick="streamCmdStop(true)"/>
-        <input type="button" value="|&gt;" id="playBtn" title="<?php echo translate('Play') ?>" class="active" disabled="disabled" onclick="streamCmdPlay(true)"/>
+        <input type="button" value="||" id="pauseBtn" title="<?php echo translate('Pause') ?>" class="inactive" data-on-click-true="streamCmdPause"/>
+        <input type="button" value="[]" id="stopBtn" title="<?php echo translate('Stop') ?>" class="unavail" disabled="disabled" data-on-click-true="streamCmdStop"/>
+        <input type="button" value="|&gt;" id="playBtn" title="<?php echo translate('Play') ?>" class="active" disabled="disabled" data-on-click-true="streamCmdPlay"/>
 <?php
   if ( $monitor->StreamReplayBuffer() != 0 ) {
 ?>
-        <input type="button" value="&gt;" id="slowFwdBtn" title="<?php echo translate('StepForward') ?>" class="unavail" disabled="disabled" onclick="streamCmdSlowFwd(true)"/>
-        <input type="button" value="&gt;&gt;" id="fastFwdBtn" title="<?php echo translate('FastForward') ?>" class="unavail" disabled="disabled" onclick="streamCmdFastFwd(true)"/>
+        <input type="button" value="&gt;" id="slowFwdBtn" title="<?php echo translate('StepForward') ?>" class="unavail" disabled="disabled" data-on-click-true="streamCmdSlowFwd"/>
+        <input type="button" value="&gt;&gt;" id="fastFwdBtn" title="<?php echo translate('FastForward') ?>" class="unavail" disabled="disabled" data-on-click-true="streamCmdFastFwd"/>
 <?php
   }
 ?>
-        <input type="button" value="&ndash;" id="zoomOutBtn" title="<?php echo translate('ZoomOut') ?>" class="avail" onclick="streamCmdZoomOut()"/>
+        <input type="button" value="&ndash;" id="zoomOutBtn" title="<?php echo translate('ZoomOut') ?>" class="avail" data-on-click="streamCmdZoomOut"/>
 <?php
 } // end if streamMode==jpeg
 ?>
diff --git a/web/skins/classic/views/zone.php b/web/skins/classic/views/zone.php
index 6c04abf2f..4a172083f 100644
--- a/web/skins/classic/views/zone.php
+++ b/web/skins/classic/views/zone.php
@@ -283,7 +283,7 @@ for ( $i = 0; $i < $pointCols; $i++ )
               </tr>
             </tbody>
           </table>
-          <input id="pauseBtn" type="button" value="<?php echo translate('Pause') ?>" onclick="streamCmdPauseToggle()"/>
+          <input id="pauseBtn" type="button" value="<?php echo translate('Pause') ?>" data-on-click="streamCmdPauseToggle"/>
           <input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
           <input type="button" value="<?php echo translate('Cancel') ?>" onclick="refreshParentWindow(); closeWindow();"/>
         </div>
diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php
index 7c345071e..5446676b4 100644
--- a/web/skins/classic/views/zones.php
+++ b/web/skins/classic/views/zones.php
@@ -48,7 +48,7 @@ xhtmlHeaders(__FILE__, translate('Zones') );
 <body>
   <div id="page">
     <div id="header">
-      <div id="headerButtons"><a href="#" onclick="closeWindow();"><?php echo translate('Close') ?></a></div>
+      <div id="headerButtons"><a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a></div>
       <h2><?php echo translate('Zones') ?></h2>
     </div>
     <div id="content" style="width:<?php echo $monitor->Width() ?>px; height:<?php echo $monitor->Height() ?>px; position:relative; margin: 0 auto;">
@@ -77,7 +77,7 @@ foreach( $zones as $zone ) {
               <td class="colName"><?php echo makePopupLink('?view=zone&mid=' . $mid . '&zid=' . $zone['Id'], 'zmZone', array('zone', $monitor->Width(), $monitor->Height()), $zone['Name'], true, 'onclick="streamCmdQuit( true ); return( false );"'); ?></td>
               <td class="colType"><?php echo $zone['Type'] ?></td>
               <td class="colUnits"><?php echo $zone['Area'] ?>&nbsp;/&nbsp;<?php echo sprintf( "%.2f", ($zone['Area']*100)/($monitor->Width()*$monitor->Height()) ) ?></td>
-              <td class="colMark"><input type="checkbox" name="markZids[]" value="<?php echo $zone['Id'] ?>" onclick="configureDeleteButton( this );"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td>
+              <td class="colMark"><input type="checkbox" name="markZids[]" value="<?php echo $zone['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td>
             </tr>
 <?php
 }