135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce escaping on all template content

Browse Source
This commit is contained in:
Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
share/views/admintask.tt
View File

@@ -9,14 +9,14 @@
rel="tooltip" data-placement="left" data-offset="5" data-title="Unpin Sidebar" data-container="body"></i>
<div class="tab-content">
<div id="[% task.tag %]_search" class="tab-pane active">
<form id="[% task.tag %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/admin') %]">
<div id="[% task.tag | html_entity %]_search" class="tab-pane active">
<form id="[% task.tag | html_entity %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/admin') | none %]">
[% TRY %]
<script type="text/javascript">has_sidebar["[% task.tag %]"] = 1;</script>
<script type="text/javascript">has_sidebar["[% task.tag | html_entity %]"] = 1;</script>
[% INCLUDE "sidebar/admintask/${task.tag}.tt" %]
[% CATCH %]
<script type="text/javascript">has_sidebar["[% task.tag %]"] = 0;</script>
<script type="text/javascript">has_sidebar["[% task.tag | html_entity %]"] = 0;</script>
[% END %]
</form>
</div> <!-- /tab-pane -->
@@ -26,8 +26,8 @@
<div class="content">
<ul id="nd_search-results" class="nav nav-tabs">
<li class="active"><a id="[% task.tag %]_link" class="nd_single-tab"
href="#[% task.tag %]_pane">[% task.label %]</a></li>
<li class="active"><a id="[% task.tag | html_entity %]_link" class="nd_single-tab"
href="#[% task.tag | html_entity %]_pane">[% task.label | html_entity %]</a></li>
[% IF task.tag == 'jobqueue' %]
<span id="nd_device-name">
<a class="nd_adminbutton" name="delall" href="#"><i class="icon-trash text-error"></i></a>
@@ -49,7 +49,7 @@
[% END %]
</ul>
<div class="tab-content">
<div class="tab-pane active" id="[% task.tag %]_pane"></div>
<div class="tab-pane active" id="[% task.tag | html_entity %]_pane"></div>
</div>
</div>