
Dimitris Glezos  committed 3fc1bfa

Add template escaping on all firstof tags.

  • Parent commits 0b519ef


Files changed (6)

File transifex/languages/templates/feeds/all_description.html

-{% firstof obj.description obj.name %}
+{% firstof obj.description|escape obj.name|escape %}
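Review bot: `|escape` inside `{% firstof %}` may not escape anything on the Django release this project appears to target. The unquoted `{% url project_tag_list tag=tag %}` in project_list.html suggests an older Django, where `escape` only marks a value to be escaped when a `{{ }}` variable node prints it, while `firstof` emits the string itself and does not auto-escape. Confirm this by rendering a description that contains `<b>` or `"` and checking the output. If it comes back raw, use `{% firstof obj.description|force_escape obj.name|force_escape %}`, which escapes immediately. The same applies to the `firstof` lines in the other five templates, and matters most for the two `title="…"` attributes in project_list.html and release_detail.html, where an unescaped quote would end the attribute.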

File transifex/projects/templates/feeds/latest_description.html

-{% firstof obj.description obj.name %}
+{% firstof obj.description|escape obj.name|escape %}
 <br/>
 <br/>Components: {% for comp in obj.component_set.all %}<a href="{{ comp.get_absolute_url }}">{{ comp.name }}</a>{% if not forloop.last %}, {% endif %}{% endfor %}

File transifex/projects/templates/feeds/project_description.html

-{% firstof obj.description obj.name %}
+{% firstof obj.description|escape obj.name|escape %}

File transifex/templates/projects/project_detail.html

   {% endif %}
   <h2 class="name">{{ project.name }}</h2>
 
-  <p class="description">{% firstof project.description project.name %}</p>
+  <p class="description">{% firstof project.description|escape project.name|escape %}</p>
 
   {% with project.long_description_html as long_desc %}
   {% if long_desc %}

File transifex/templates/projects/project_list.html

       <p class="description">{{ project.description }}</p>
       <p>
         <span class="i16 component compact">
-          {% for comp in project.component_set.all|slice:"0:4" %}<a class="component" title="{% firstof comp.description comp.name %}" href="{{ comp.get_absolute_url }}">{{ comp.name }}</a> {% endfor %}
+          {% for comp in project.component_set.all|slice:"0:4" %}<a class="component" title="{% firstof comp.description|escape comp.name|escape %}" href="{{ comp.get_absolute_url }}">{{ comp.name }}</a> {% endfor %}
         </span>
       {% if project.tags %}| <span class="i16 tag compact">{% trans "Tags:" %} {% for tag in project.tagsobj.all|slice:"0:6" %}<a class="tag" href="{% url project_tag_list tag=tag %}">{{ tag }}</a> {% endfor %}</span>{% endif %}
       </p>

File transifex/templates/projects/release_detail.html

         </span>
         <ul id="component-list" class="simple links" style="display:none;">
           {% for comp in component_list %}
-            <li><a title="{% firstof comp.description comp.name %}" href="{{ comp.get_absolute_url }}">{{ comp.full_name }}</a></li>
+            <li><a title="{% firstof comp.description|escape comp.name|escape %}" href="{{ comp.get_absolute_url }}">{{ comp.full_name }}</a></li>
           {% endfor %}
         </ul>
         {% endwith %}