templates: Hopefully escape all template inputs

2025-08-02 18:20:35 +02:00
parent 4125de8208
commit 4d2d0f9722
24 changed files with 116 additions and 116 deletions
--- a/src/root/evals.tt
+++ b/src/root/evals.tt
@@ -10,7 +10,7 @@
 [% PROCESS common.tt %]

 <p>Showing evaluations [% (page - 1) * resultsPerPage + 1 %] - [%
-(page - 1) * resultsPerPage + evals.size %] out of [% total %].</p>
+(page - 1) * resultsPerPage + evals.size %] out of [% HTML.escape(total) %].</p>

 [% INCLUDE renderEvals %]