annotate website/www/_templates/layout.html @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can be turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | c84dbc205b57 |
| children | c2fd254c9257 |
| rev | line source |
|---|---|
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
3 <html xmlns="http://www.w3.org/1999/xhtml"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
4 <head> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
6 {{ metatags }} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
7 {%- if builder != 'htmlhelp' %} |
|
4028
5058b51243c2
don't escape the mdash
Richard Jones <richard@users.sourceforge.net>
parents:
4022
diff
changeset
|
8 {%- set titlesuffix = docstitle|e %} |
|
4548
b19488f673ed
fix that damned mdash; thanks John Kristensen
Richard Jones <richard@users.sourceforge.net>
parents:
4404
diff
changeset
|
9 {%- set titlesuffix = " - " + titlesuffix %} |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
10 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
11 <title>{{ title|striptags }}{{ titlesuffix }}</title> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
12 {%- if builder == 'web' %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
13 <link rel="stylesheet" href="{{ pathto('index') }}?do=stylesheet{% |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
14 if in_admin_panel %}&admin=yes{% endif %}" type="text/css" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
15 {%- for link, type, title in page_links %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
16 <link rel="alternate" type="{{ type|e(true) }}" title="{{ title|e(true) }}" href="{{ link|e(true) }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
17 {%- endfor %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
18 {%- else %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
19 <link rel="stylesheet" href="{{ pathto('_static/style.css', 1) }}" type="text/css" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
20 <link rel="stylesheet" href="{{ pathto('_static/pygments.css', 1) }}" type="text/css" /> |
|
4397
86a864e36331
add json awesomeness
Richard Jones <richard@users.sourceforge.net>
parents:
4138
diff
changeset
|
21 |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
22 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
23 {%- if builder != 'htmlhelp' %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
24 <script type="text/javascript"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
25 var DOCUMENTATION_OPTIONS = { |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
26 URL_ROOT: '{{ pathto("", 1) }}', |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
27 VERSION: '{{ release|e }}', |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
28 COLLAPSE_MODINDEX: false, |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
29 FILE_SUFFIX: '{{ file_suffix }}' |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
30 }; |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
31 </script> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
32 {%- for scriptfile in script_files %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
33 <script type="text/javascript" src="{{ pathto(scriptfile, 1) }}"></script> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
34 {%- endfor %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
35 {%- if use_opensearch %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
36 <link rel="search" type="application/opensearchdescription+xml" |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
37 title="{% trans docstitle=docstitle|e %}Search within {{ docstitle }}{% endtrans %}" |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
38 href="{{ pathto('_static/opensearch.xml', 1) }}"/> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
39 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
40 {%- if favicon %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
41 <link rel="shortcut icon" href="{{ pathto('_static/' + favicon, 1) }}"/> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
42 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
43 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
44 {%- block linktags %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
45 {%- if hasdoc('about') %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
46 <link rel="author" title="{{ _('About these documents') }}" href="{{ pathto('about') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
47 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
48 <link rel="index" title="{{ _('Index') }}" href="{{ pathto('genindex') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
49 <link rel="search" title="{{ _('Search') }}" href="{{ pathto('search') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
50 {%- if hasdoc('copyright') %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
51 <link rel="copyright" title="{{ _('Copyright') }}" href="{{ pathto('copyright') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
52 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
53 <link rel="top" title="{{ docstitle|e }}" href="{{ pathto('index') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
54 {%- if parents %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
55 <link rel="up" title="{{ parents[-1].title|striptags }}" href="{{ parents[-1].link|e }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
56 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
57 {%- if next %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
58 <link rel="next" title="{{ next.title|striptags }}" href="{{ next.link|e }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
59 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
60 {%- if prev %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
61 <link rel="prev" title="{{ prev.title|striptags }}" href="{{ prev.link|e }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
62 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
63 {%- endblock %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
64 {%- block extrahead %} {% endblock %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
65 </head> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
66 <body> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
67 <div class="header"><h1>Roundup</h1> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
68 {%- if pagename != "search" %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
69 <div id="searchbox" style="display: none"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
70 <form class="search" action="{{ pathto('search') }}" method="get"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
71 <input type="text" name="q" size="18" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
72 <input type="submit" value="{{ _('Search') }}" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
73 <input type="hidden" name="check_keywords" value="yes" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
74 <input type="hidden" name="area" value="default" /> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
75 </form> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
76 </div> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
77 <script type="text/javascript">$('#searchbox').show(0);</script> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
78 {%- endif %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
79 </div> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
80 <div class="navigation"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
81 <div class="menu"> |
|
4138
0bc287f7559e
Adjust to sphinx 0.6.2.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
4028
diff
changeset
|
82 {{ toctree() }} |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
83 </div> |
|
4404
77b172f32430
use rst again
Richard Jones <richard@users.sourceforge.net>
parents:
4397
diff
changeset
|
84 <script type="text/javascript" src="http://www.ohloh.net/p/488/widgets/project_users_logo.js"></script> |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
85 </div> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
86 <div class="content"> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
87 {% block body %} {% endblock %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
88 </div> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
89 {%- block footer %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
90 <div class="footer"> |
|
4821
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
91 <div> |
|
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
92 {%- if show_source and has_source and sourcename %} |
|
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
93 <span class="source">[<a href="{{ pathto('_sources/' + sourcename, true)|e }}" rel="nofollow">{{ _('page source') }}</a>]</span> |
|
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
94 {%- endif %} |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
95 {%- if hasdoc('copyright') %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
96 {% trans path=pathto('copyright'), copyright=copyright|e %}© <a href="{{ path }}">Copyright</a> {{ copyright }}.{% endtrans %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
97 {%- else %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
98 {% trans copyright=copyright|e %}© Copyright {{ copyright }}.{% endtrans %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
99 {%- endif %} |
|
4821
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
100 </div> |
|
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
101 <div> |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
102 {%- if last_updated %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
103 {% trans last_updated=last_updated|e %}Last updated on {{ last_updated }}.{% endtrans %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
104 {%- endif %} |
|
4821
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
105 <span>Hosted by <a href="http://sourceforge.net"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=31577&type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a></span> |
|
c84dbc205b57
website: Save some vertical space in footer
anatoly techtonik <techtonik@gmail.com>
parents:
4548
diff
changeset
|
106 </div> |
|
4022
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
107 </div> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
108 {%- endblock %} |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
109 </body> |
|
d62831da3941
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
110 </html> |
