Enforce escaping on all template content

Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions


@@ -13,18 +13,18 @@
</a>
<div class="tab-content">
[% FOREACH tab IN settings._device_tabs %]
<div id="[% tab.tag %]_search" class="tab-pane [% 'active' IF params.tab == tab.tag %]">
<form id="[% tab.tag %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/device') %]">
<input name="tab" value="[% tab.tag %]" type="hidden"/>
<div id="[% tab.tag | html_entity %]_search" class="tab-pane [% 'active' IF params.tab == tab.tag %]">
<form id="[% tab.tag | html_entity %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/device') | none %]">
<input name="tab" value="[% tab.tag | html_entity %]" type="hidden"/>
[% TRY %]
<script type="text/javascript">has_sidebar["[% tab.tag %]"] = 1;</script>
<script type="text/javascript">has_sidebar["[% tab.tag | html_entity %]"] = 1;</script>
[% INCLUDE "sidebar/device/${tab.tag}.tt" %]
[% CATCH %]
<!-- no "[% tab.tag %]" search options -->
<!-- no "[% tab.tag | html_entity %]" search options -->
<input name="q" value="[% params.q | html_entity %]" type="hidden"/>
<input name="f" value="[% params.f | html_entity %]" type="hidden"/>
<script type="text/javascript">has_sidebar["[% tab.tag %]"] = 0;</script>
<script type="text/javascript">has_sidebar["[% tab.tag | html_entity %]"] = 0;</script>
[% END %]
</form>
</div> <!-- /tab-pane -->
@@ -36,7 +36,7 @@
<div class="content">
<ul id="nd_search-results" class="nav nav-tabs">
[% FOREACH tab IN settings._device_tabs %]
<li[% ' class="active"' IF params.tab == tab.tag %]><a id="[% tab.tag %]_link" href="#[% tab.tag %]_pane">[% tab.label %]</a></li>
<li[% ' class="active"' IF params.tab == tab.tag %]><a id="[% tab.tag | html_entity %]_link" href="#[% tab.tag | html_entity %]_pane">[% tab.label | html_entity %]</a></li>
[% END %]
<span id="nd_device-name">
[% display_name | html_entity %]
@@ -47,7 +47,7 @@
</ul>
<div class="tab-content">
[% FOREACH tab IN settings._device_tabs %]
<div class="tab-pane[% ' active' IF params.tab == tab.tag %]" id="[% tab.tag %]_pane"></div>
<div class="tab-pane[% ' active' IF params.tab == tab.tag %]" id="[% tab.tag | html_entity %]_pane"></div>
[% END %]
</div>
</div>
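Review bot: In the two `<script>` lines of the first hunk, `has_sidebar["[% tab.tag | html_entity %]"]` applies HTML entity encoding inside a script element, where the browser does not decode entities. For a tag containing `&`, `<` or `"` the JavaScript key would be the entity-encoded text while the `id="…_form"` attributes decode back to the raw tag, so the two would no longer match; and assuming the filter leaves backslashes and line breaks alone, those would still reach the string literal unescaped. `settings._device_tabs` looks like configuration rather than request data, so this is probably latent, but it is worth either stating the constraint next to the loop, e.g. `[%# tab.tag must match [A-Za-z0-9_]+; html_entity is not a JavaScript-string encoder %]`, or carrying the value in an escaped attribute on the form and reading it from script. The `[% INCLUDE "sidebar/device/${tab.tag}.tt" %]` context line also uses the tag unfiltered as a template path, so it relies on the same constraint.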