135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce escaping on all template content

Browse Source
This commit is contained in:
Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
share/views/ajax/report/apradiochannelpower.tt
View File

@@ -25,7 +25,7 @@ function groupString(d) {
"use strict";
var s = '';
s = s + 'Device: ';
s = s + '<a href="[% uri_for('/device') %]?tab=details&q=' + encodeURIComponent(d.ip) + '">';
s = s + '<a href="[% uri_for('/device') | none %]?tab=details&q=' + encodeURIComponent(d.ip) + '">';
s = s + he.encode(d.dns || d.device_name || d.ip);
if (d.dns || d.device_name) {
s = s + ' (' + he.encode(d.ip) + ') ';
@@ -39,7 +39,7 @@ function groupString(d) {
$(document).ready(function() {
var table = $('#data-table').DataTable({
"serverSide": true,
"ajax": "[% uri_for('/ajax/content/report/apradiochannelpower/data') %]",
"ajax": "[% uri_for('/ajax/content/report/apradiochannelpower/data') | none %]",
"order": [[ 0, 'asc' ]],
"columns": [
{
@@ -59,7 +59,7 @@ $(document).ready(function() {
"type": 'portsort',
"render": function(data, type, row, meta) {
return type === 'display' ?
'<a href="[% device_ports %]&q=' + encodeURIComponent(row.ip) + '&f=' + encodeURIComponent(data) + '">' + he.encode(data || '') + '</a>' :
'<a href="[% device_ports | none %]&q=' + encodeURIComponent(row.ip) + '&f=' + encodeURIComponent(data) + '">' + he.encode(data || '') + '</a>' :
he.encode(data || '');
}
}, {