Marius Gedminas committed 30575d0

Make sure we HTML-escape everything.

There was missing HTML-escaping in the truncated long message case.

Files changed (2)

         """
         self.app = app
         tmpl_dir = os.path.join(here_dir, 'templates')
-        self.mako = TemplateLookup(directories=[tmpl_dir])
+        self.mako = TemplateLookup(directories=[tmpl_dir],
+                                   default_filters=['h'])
 
         self.log_colors = {}
         for key, val in itertools.chain(config.iteritems(),
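Review bot: On the added `default_filters=['h']` line, the list replaces Mako's stock default (the unicode conversion filter) rather than extending it, so every `${...}` expression now goes straight into the HTML escape function without being converted to text first. The templates render non-string values such as `${id(event)}`, so consider `default_filters=['unicode', 'h']` to keep the conversion explicit and not depend on how the escape function treats integers. Because the filter applies to every template under `tmpl_dir`, it is also worth checking the other templates for leftover `| h` filters and for any expression that emits markup on purpose and now needs `| n`.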

dozer/templates/logbar.mako

                         <span style="cursor: pointer; text-decoration: underline;" onclick="javascript:DLV.show_span(${id(event)})">${first}</span>\
 <span style="display:inline;" id="${id(event)}_extra"> ... </span><span id="${id(event)}" style="display:none">${middle}</span>${last}
                     % else:
-                        ${msg | h}\
+                        ${msg}\
                     % endif
                     % if hasattr(event, 'traceback'):
                     <span style="float: right; cursor: pointer; text-decoration: underline; margin-left: 6px;" onclick="javascript:DLV.show_block('${'tb%s' % id(event)}')">TB</span>
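Review bot: The branch this commit is meant to fix, the truncated one that emits `${first}`, `${middle}` and `${last}` on the context lines above `% else:`, is unchanged here and is now escaped only through the lookup-wide default, which is invisible from inside the template. Both changed files are code, so nothing pins this down: please add a regression test that renders a log message long enough to be truncated and containing characters like `<`, `>` and `&`, and asserts that all three pieces come out escaped. A short template comment stating that escaping comes from `default_filters` would also stop someone from re-adding `| h` to `${msg}` later.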