
Apply proper HTML escaping

Alois Mahdal 6 years ago
parent
commit
816726c41b
1 changed files with 6 additions and 6 deletions
  1. 6
    6
      src/jinja2/html.j2

+ 6
- 6
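--- a/src/jinja2/html.j2
+++ b/src/jinja2/html.j2
@@ -2,24 +2,24 @@
 <div class="event assert v_{{A.verdict}}">
     &nbsp;
     <div class="hint">
-        <span class="verdict">{{A.verdict}}</span>{{A.hint}}
+        <span class="verdict">{{A.verdict}}</span>{{A.hint|e}}
     </div>
-    {% if A.data %}<pre class="data">{{A.data}}</pre>{% endif %}
+    {% if A.data %}<pre class="data">{{A.data|e}}</pre>{% endif %}
  </div>
 {%- endmacro %}
 
 {% macro message(M) -%}
 <div class="event message s_{{M.severity}}">
     <div class="severity">{{M.severity}}</div>
-    <pre class="message">{{M.message}}</pre>
-    {% if M.data %}<pre class="data">{{M.data}}</pre>{% endif %}
+    <pre class="message">{{M.message|e}}</pre>
+    {% if M.data %}<pre class="data">{{M.data|e}}</pre>{% endif %}
  </div>
 {%- endmacro %}
 
 {% macro phase(P) -%}
 <div class="phase v_{{P.verdict}}">
     <div class="name p_{{P.type}}">
-        <span class="verdict">{{P.verdict}}</span>{{P.name}}
+        <span class="verdict">{{P.verdict}}</span>{{P.name|e}}
     </div>
     {% for e in P.children %}
         {% if e.is_assert %}
@@ -69,7 +69,7 @@
 
         <div class="lints">
             {% for lint in session.lints %}
-                <div class="lint">{{ lint.msg }} <code>{{ lint._data }}</code></div>
+                <div class="lint">{{ lint.msg|e }} <code>{{ lint._data|e }}</code></div>
             {% endfor %}
         </div>
 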
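Review bot: Several interpolations in these hunks are still emitted unescaped after this commit: `{{A.verdict}}`, `{{M.severity}}`, `{{P.verdict}}` and `{{P.type}}`, both as element text and inside quoted `class="…"` attributes (template lines 2, 5, 12, 13 and 20–22). If those fields can carry text from the same source as `hint`, `message` and `data` (not visible here; they may be fixed enum values), they need the same treatment, e.g. `<div class="severity">{{M.severity|e}}</div>` and `class="event message s_{{M.severity|e}}"`. Per-expression `|e` is easy to forget on the next field that gets added, so turning on autoescaping for this template (`autoescape=True` on the `Environment`, or wrapping the macros in `{% autoescape true %}`) would be the sturdier fix; the existing `|e` filters stay correct under it because already-escaped markup is not escaped a second time. The first macro and the `phase` macro start or end outside the visible hunks, so expressions in the unseen parts deserve the same check.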