Enforce escaping on all template content

This commit is contained in:
Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions


@@ -9,14 +9,14 @@
rel="tooltip" data-placement="left" data-offset="5" data-title="Unpin Sidebar" data-container="body"></i>
<div class="tab-content">
<div id="[% report.tag %]_search" class="tab-pane active">
<form id="[% report.tag %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/report') %]">
<div id="[% report.tag | html_entity %]_search" class="tab-pane active">
<form id="[% report.tag | html_entity %]_form" class="nd_sidebar-form form-stacked"
method="get" action="[% uri_for('/report') | none %]">
[% TRY %]
<script type="text/javascript">has_sidebar["[% report.tag %]"] = 1;</script>
<script type="text/javascript">has_sidebar["[% report.tag | html_entity %]"] = 1;</script>
[% INCLUDE "sidebar/report/${report.tag}.tt" %]
[% CATCH %]
<script type="text/javascript">has_sidebar["[% report.tag %]"] = 0;</script>
<script type="text/javascript">has_sidebar["[% report.tag | html_entity %]"] = 0;</script>
[% INCLUDE "sidebar/report/generic_report.tt" %]
[% END %]
</form>
@@ -27,13 +27,13 @@
<div class="content">
<ul id="nd_search-results" class="nav nav-tabs">
<li class="active"><a id="[% report.tag %]_link" class="nd_single-tab"
href="#[% report.tag %]_pane">[% report.label %]</a></li>
<li class="active"><a id="[% report.tag | html_entity %]_link" class="nd_single-tab"
href="#[% report.tag | html_entity %]_pane">[% report.label | html_entity %]</a></li>
[% IF report.tag == 'portlog' %]
<span id="nd_device-name">
<a href="[% device_ports %]&q=[% params.q | uri %]">[% params.q %]</a>
<a href="[% device_ports | none %]&q=[% params.q | uri %]">[% params.q | html_entity %]</a>
-
<a href="[% device_ports %]&q=[% params.q | uri %]&f=[% params.f | uri %]">[% params.f %]</a>
<a href="[% device_ports | none %]&q=[% params.q | uri %]&f=[% params.f | uri %]">[% params.f | html_entity %]</a>
</span>
[% ELSIF report.provides_csv %]
<span id="nd_device-name">
@@ -44,7 +44,7 @@
[% END %]
</ul>
<div class="tab-content">
<div class="tab-pane active" id="[% report.tag %]_pane"></div>
<div class="tab-pane active" id="[% report.tag | html_entity %]_pane"></div>
</div>
</div>
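Review bot: The two `<script>` lines in the first hunk (`has_sidebar["[% report.tag | html_entity %]"] = 1;` and the matching `= 0;` line) place `report.tag` inside a JavaScript string literal, where `html_entity` is the wrong escaper: inside a script element the HTML parser does not decode entities, so the filter only happens to neutralise `"` and `<` and leaves the value with `&quot;`/`&lt;` sequences rather than a correctly escaped JS string. Either emit the tag through a JavaScript-string filter (Template::Plugin::JavaScript provides one) or move the value to a `data-*` attribute on the pane `<div>` that the script reads, which keeps the template CSP-friendly as well. The `| none` opt-outs on `uri_for('/report')` and `device_ports` in the first and second hunks are a trust decision that the commit message "enforce escaping on all template content" does not explain; a short template comment such as `[%# device_ports is a server-built URL, emitted raw on purpose %]` next to each would stop a later maintainer from treating them as an oversight. The `[% INCLUDE "sidebar/report/${report.tag}.tt" %]` context line still interpolates the unfiltered tag into a template path; if `report.tag` can ever be influenced by request data, that inclusion, not the escaping, is the line to constrain.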