Mercurial > p > roundup > code

changeset 3994:030ba81511ee

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix HTML injection into page title; also some other TAL cleanup
author Richard Jones <richard@users.sourceforge.net>
date Mon, 18 Aug 2008 06:37:15 +0000
parents 1eba65a4b0aa
children 6bd3df4356b1
files CHANGES.txt templates/classic/html/issue.item.html templates/classic/html/user.item.html templates/minimal/html/user.item.html
diffstat 4 files changed, 14 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES.txt	Mon Aug 18 06:25:47 2008 +0000
+++ b/CHANGES.txt	Mon Aug 18 06:37:15 2008 +0000
@@ -22,6 +22,7 @@
 - Improved URL matching RE (sf #2038858)
 - Allow binary file content submission via XML-RPC (sf #1995623)
 - Don't run old code on newer database (sf #1979556)
+- Fix HTML injection into page title
 
 
 2008-03-01 1.4.4
--- a/templates/classic/html/issue.item.html	Mon Aug 18 06:25:47 2008 +0000
+++ b/templates/classic/html/issue.item.html	Mon Aug 18 06:37:15 2008 +0000
@@ -2,9 +2,9 @@
 <tal:block metal:use-macro="templates/page/macros/icing">
 <title metal:fill-slot="head_title">
 <tal:block condition="context/id" i18n:translate=""
- >Issue <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/title" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >Issue <tal:x tal:content="context/id" i18n:name="id"
+ />: <tal:x content="context/title" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:block>
 <tal:block condition="not:context/id" i18n:translate=""
  >New Issue - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
@@ -122,10 +122,10 @@
 </tal:block>
 
 <p tal:condition="context/id" i18n:translate="">
- Created on <b><tal:x replace="context/creation" i18n:name="creation" /></b>
- by <b><tal:x replace="context/creator" i18n:name="creator" /></b>,
- last changed <b><tal:x replace="context/activity" i18n:name="activity" /></b>
- by <b><tal:x replace="context/actor" i18n:name="actor" /></b>.
+ Created on <b tal:content="context/creation" i18n:name="creation" />
+ by <b tal:content="context/creator" i18n:name="creator" />,
+ last changed <b content="context/activity" i18n:name="activity" />
+ by <b tal:content="context/actor" i18n:name="actor" />.
 </p>
 
 <table class="files" tal:condition="context/files">
--- a/templates/classic/html/user.item.html	Mon Aug 18 06:25:47 2008 +0000
+++ b/templates/classic/html/user.item.html	Mon Aug 18 06:37:15 2008 +0000
@@ -4,9 +4,9 @@
 >
 <title metal:fill-slot="head_title">
 <tal:if condition="context/id" i18n:translate=""
- >User <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/username" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >User <tal:x content="context/id" i18n:name="id"
+ />: <tal:x content="context/username" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:if>
 <tal:if condition="not:context/id" i18n:translate=""
  >New User - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
--- a/templates/minimal/html/user.item.html	Mon Aug 18 06:25:47 2008 +0000
+++ b/templates/minimal/html/user.item.html	Mon Aug 18 06:37:15 2008 +0000
@@ -4,9 +4,9 @@
 >
 <title metal:fill-slot="head_title">
 <tal:if condition="context/id" i18n:translate=""
- >User <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/username" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >User <tal:x content="context/id" i18n:name="id"
+ />: <tal:x content="context/username" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:if>
 <tal:if condition="not:context/id" i18n:translate=""
  >New User - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
Roundup Issue Tracker: http://roundup-tracker.org/