Enforce escaping on all template content

2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
--- a/share/views/ajax/report/ipinventory.tt
+++ b/share/views/ajax/report/ipinventory.tt
@@ -13,7 +13,7 @@
 $(document).ready(function() {
  var table = $('#data-table').dataTable({
    "deferRender": true,
-    "data": [% results %],
+    "data": [% results | none %],
    "columns": [
      {
        "data": 'ip',
@@ -21,12 +21,12 @@ $(document).ready(function() {
          var cell_str = he.encode(data);
          if (type == 'display') {
            if (row.time_last && row.node) {
-              cell_str = '<a href="[% search_node %]&q=' + encodeURIComponent(data)
+              cell_str = '<a href="[% search_node | none %]&q=' + encodeURIComponent(data)
                + (row.active ? '' : '&archived=on') + '">' + he.encode(data)
                + (row.active ? '' : '&nbsp;<i class="icon-book text-warning"></i>&nbsp;') + '</a>';
            }
            else if (row.time_last) {
-              cell_str = '<a href="[% search_device %]&q=' + encodeURIComponent(data) + '">' + he.encode(data) + '</a>';
+              cell_str = '<a href="[% search_device | none %]&q=' + encodeURIComponent(data) + '">' + he.encode(data) + '</a>';
            }
          }
          return cell_str;
@@ -36,7 +36,7 @@ $(document).ready(function() {
        "render": function(data, type, row, meta) {
          var cell_str = he.encode(data || '');
          if (type == 'display' && data && row.time_last) {
-            cell_str = '<a href="[% search_node %]&q=' + encodeURIComponent(data)
+            cell_str = '<a href="[% search_node | none %]&q=' + encodeURIComponent(data)
              + (row.active ? '' : '&archived=on') + '">' + he.encode(data)
              + (row.active ? '' : '&nbsp;<i class="icon-book text-warning"></i>&nbsp;') + '</a>';
          }