Enforce escaping on all template content

2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
--- a/share/views/ajax/admintask/slowdevices.tt
+++ b/share/views/ajax/admintask/slowdevices.tt
@@ -16,7 +16,7 @@
    <tr>
      <td class="nd_center-cell">[% row.action.ucfirst | html_entity %]</td>
      <td class="nd_center-cell"><a class="nd_linkcell"
-        href="[% uri_for('/device') %]?q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
+        href="[% uri_for('/device') | none %]?q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
      <td class="nd_center-cell">[% row.started  | html_entity %]</td>
      <td class="nd_center-cell">[% row.finished | html_entity %]</td>
      <td class="nd_center-cell">[% row.elapsed  | html_entity %]</td>