Enforce escaping on all template content

2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
--- a/share/views/ajax/report/subnets.tt
+++ b/share/views/ajax/report/subnets.tt
@@ -11,7 +11,7 @@
  <tbody>
    [% FOREACH row IN results %]
    <tr>
-      <td class="nd_center-cell"><a href="[% uri_for('/report/ipinventory') %]?subnet=[% row.subnet | uri %]&daterange=[% params.daterange | uri %]&age_invert=[% params.age_invert | uri %]&limit=[% row.subnet_size | uri %]">
+      <td class="nd_center-cell"><a href="[% uri_for('/report/ipinventory') | none %]?subnet=[% row.subnet | uri %]&daterange=[% params.daterange | uri %]&age_invert=[% params.age_invert | uri %]&limit=[% row.subnet_size | uri %]">
               [% row.subnet | html_entity %]</a></td>
      <td class="nd_center-cell">[% row.subnet_size | format_number %]</td>
      <td class="nd_center-cell">[% row.active | format_number %]</td>