Daniel Blankenberg avatar Daniel Blankenberg committed 2d86b22

HTML escape values that could be set by the user in templates/webapps/community/repository_review/create_component.mako.

Comments (0)

Files changed (1)


         <form name="create_component" id="create_component" action="${h.url_for( controller='repository_review', action='create_component' )}" method="post" >
             <div class="form-row">
-                <input name="name" type="textfield" value="${name}" size=40"/>
+                <input name="name" type="textfield" value="${name | h}" size=40"/>
             <div class="form-row">
-                <input name="description" type="textfield" value="${description}" size=40"/>
+                <input name="description" type="textfield" value="${description | h}" size=40"/>
             <div class="form-row">
                 <input type="submit" name="create_component_button" value="Save"/>
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.