Enforce escaping on all template content

2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
--- a/share/views/ajax/report/netbios.tt
+++ b/share/views/ajax/report/netbios.tt
@@ -29,7 +29,7 @@ $(document).ready(function() {
    [% IF opt %]
    "serverSide": true,
    "order": [[ 0, "desc" ]],
-    "ajax": "[% uri_for('/ajax/content/report/netbios/data') %]?[% url(params('query').hash) %]",
+    "ajax": "[% uri_for('/ajax/content/report/netbios/data') | none %]?[% url(params('query').hash) | none %]",
    "columns": [
      {
        "data": 'domain',
@@ -39,7 +39,7 @@ $(document).ready(function() {
      }, {
        "data": 'mac',
        "render": function(data, type, row, meta) {
-          return '<a href="[% search_node %]&q=' + encodeURIComponent(data) + '">' + he.encode(data.toUpperCase()) + '</a>';
+          return '<a href="[% search_node | none %]&q=' + encodeURIComponent(data) + '">' + he.encode(data.toUpperCase()) + '</a>';
        }
      }, {
        "data": 'nbname',
@@ -48,7 +48,7 @@ $(document).ready(function() {
          if (row.domain) {
            prefix = '\\\\' + row.domain + '\\';
          }
-          return he.encode(prefix) + '<a href="[% search_node %]&q=' + encodeURIComponent(data) + '">' + he.encode(data) + '</a>';
+          return he.encode(prefix) + '<a href="[% search_node | none %]&q=' + encodeURIComponent(data) + '">' + he.encode(data) + '</a>';
        }
      }, {
        "data": 'nbuser',
@@ -70,12 +70,12 @@ $(document).ready(function() {
    "order": [[0, "asc"], [5, "desc"]],
    [% ELSE %]
    "deferRender": true,
-    "data": [% results %],
+    "data": [% results | none %],
    "columns": [    
      {
        "data": 'domain',
        "render": function(data, type, row, meta) {
-          return '<a href="[% uri_for('/report/netbios') %]?domain=' + encodeURIComponent(data || 'blank') + '">' + he.encode(data || '(Blank Domain)') + '</a>';
+          return '<a href="[% uri_for('/report/netbios') | none %]?domain=' + encodeURIComponent(data || 'blank') + '">' + he.encode(data || '(Blank Domain)') + '</a>';
        }
      }, {
        "data": 'count',