Mercurial > p > roundup > code

view website/www/_templates/layout.html @ 4880:ca692423e401

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Different approach to fix XSS in issue2550817 Encapsulate the error/ok message append method as add_ok_message and add_error_message. The new approach escapes the messages when appending -- at a point in the code where we still know where the message comes from. Escaping is the default but can bei turned off. This also fixes issue2550836 where certain messages may contain links. Another advantage of the new fix is that users don't need to change installed trackers and are secure by default.
author Ralf Schlatterbeck <rsc@runtux.com>
date Mon, 31 Mar 2014 18:19:23 +0200
parents c84dbc205b57
children c2fd254c9257
line wrap: on
line source

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    {{ metatags }}
    {%- if builder != 'htmlhelp' %}
      {%- set titlesuffix = docstitle|e %}
      {%- set titlesuffix = " - " + titlesuffix %}
    {%- endif %}
    <title>{{ title|striptags }}{{ titlesuffix }}</title>
    {%- if builder == 'web' %}
    <link rel="stylesheet" href="{{ pathto('index') }}?do=stylesheet{%
      if in_admin_panel %}&admin=yes{% endif %}" type="text/css" />
    {%- for link, type, title in page_links %}
    <link rel="alternate" type="{{ type|e(true) }}" title="{{ title|e(true) }}" href="{{ link|e(true) }}" />
    {%- endfor %}
    {%- else %}
    <link rel="stylesheet" href="{{ pathto('_static/style.css', 1) }}" type="text/css" />
    <link rel="stylesheet" href="{{ pathto('_static/pygments.css', 1) }}" type="text/css" />

    {%- endif %}
    {%- if builder != 'htmlhelp' %}
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
          URL_ROOT:    '{{ pathto("", 1) }}',
          VERSION:     '{{ release|e }}',
          COLLAPSE_MODINDEX: false,
          FILE_SUFFIX: '{{ file_suffix }}'
      };
    </script>
    {%- for scriptfile in script_files %}
    <script type="text/javascript" src="{{ pathto(scriptfile, 1) }}"></script>
    {%- endfor %}
    {%- if use_opensearch %}
    <link rel="search" type="application/opensearchdescription+xml"
          title="{% trans docstitle=docstitle|e %}Search within {{ docstitle }}{% endtrans %}"
          href="{{ pathto('_static/opensearch.xml', 1) }}"/>
    {%- endif %}
    {%- if favicon %}
    <link rel="shortcut icon" href="{{ pathto('_static/' + favicon, 1) }}"/>
    {%- endif %}
    {%- endif %}
{%- block linktags %}
    {%- if hasdoc('about') %}
    <link rel="author" title="{{ _('About these documents') }}" href="{{ pathto('about') }}" />
    {%- endif %}
    <link rel="index" title="{{ _('Index') }}" href="{{ pathto('genindex') }}" />
    <link rel="search" title="{{ _('Search') }}" href="{{ pathto('search') }}" />
    {%- if hasdoc('copyright') %}
    <link rel="copyright" title="{{ _('Copyright') }}" href="{{ pathto('copyright') }}" />
    {%- endif %}
    <link rel="top" title="{{ docstitle|e }}" href="{{ pathto('index') }}" />
    {%- if parents %}
    <link rel="up" title="{{ parents[-1].title|striptags }}" href="{{ parents[-1].link|e }}" />
    {%- endif %}
    {%- if next %}
    <link rel="next" title="{{ next.title|striptags }}" href="{{ next.link|e }}" />
    {%- endif %}
    {%- if prev %}
    <link rel="prev" title="{{ prev.title|striptags }}" href="{{ prev.link|e }}" />
    {%- endif %}
{%- endblock %}
{%- block extrahead %} {% endblock %}
  </head>
  <body>
    <div class="header"><h1>Roundup</h1>
      {%- if pagename != "search" %}
        <div id="searchbox" style="display: none">
          <form class="search" action="{{ pathto('search') }}" method="get">
            <input type="text" name="q" size="18" />
            <input type="submit" value="{{ _('Search') }}" />
            <input type="hidden" name="check_keywords" value="yes" />
            <input type="hidden" name="area" value="default" />
          </form>
        </div>
        <script type="text/javascript">$('#searchbox').show(0);</script>
      {%- endif %}
    </div>
    <div class="navigation">
      <div class="menu">
       {{ toctree() }}
      </div>
      <script type="text/javascript" src="http://www.ohloh.net/p/488/widgets/project_users_logo.js"></script>
    </div>
    <div class="content">
       {% block body %} {% endblock %}
    </div>
{%- block footer %}
    <div class="footer">
      <div>
      {%- if show_source and has_source and sourcename %}
        <span class="source">[<a href="{{ pathto('_sources/' + sourcename, true)|e }}" rel="nofollow">{{ _('page source') }}</a>]</span>
      {%- endif %}
      {%- if hasdoc('copyright') %}
        {% trans path=pathto('copyright'), copyright=copyright|e %}&copy; <a href="{{ path }}">Copyright</a> {{ copyright }}.{% endtrans %}
      {%- else %}
        {% trans copyright=copyright|e %}&copy; Copyright {{ copyright }}.{% endtrans %}
      {%- endif %}
      </div>
      <div>
      {%- if last_updated %}
        {% trans last_updated=last_updated|e %}Last updated on {{ last_updated }}.{% endtrans %}
      {%- endif %}
      <span>Hosted by <a href="http://sourceforge.net"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=31577&amp;type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a></span>
      </div>
    </div>
{%- endblock %}
  </body>
</html>
Roundup Issue Tracker: http://roundup-tracker.org/