templates: Hopefully escape all template inputs
This commit is contained in:
Janne Heß
@@ -14,7 +14,7 @@
|
||||
[% IF project.jobsets_rs.count > 1 %]
|
||||
<div class="dropdown-divider"></div>
|
||||
[% FOREACH j IN project.jobsets.sort('name'); IF j.name != jobset.name %]
|
||||
<a class="dropdown-item" href="?compare=[% j.name %]&full=[% full ? 1 : 0 %]">Jobset <tt>[% project.name %]:[% j.name %]</tt></a>
|
||||
<a class="dropdown-item" href="?compare=[% j.name | uri %]&full=[% full ? 1 : 0 %]">Jobset <tt>[% project.name | html %]:[% j.name | html %]</tt></a>
|
||||
[% END; END %]
|
||||
[% END %]
|
||||
</div>
|
||||
@@ -23,13 +23,13 @@
|
||||
<p>This evaluation was performed [% IF eval.flake %]from the flake
|
||||
<tt>[% HTML.escape(eval.flake) %]</tt>[% END %] on [% INCLUDE renderDateTime
|
||||
timestamp=eval.timestamp %]. Fetching the dependencies took [%
|
||||
eval.checkouttime %]s and evaluation took [% eval.evaltime %]s.</p>
|
||||
eval.checkouttime %]s and evaluation took [% HTML.escape(eval.evaltime) %]s.</p>
|
||||
|
||||
[% IF otherEval %]
|
||||
<p>Comparisons are relative to [% INCLUDE renderFullJobsetName
|
||||
project=otherEval.jobset.project.name jobset=otherEval.jobset.name %] evaluation <a [%
|
||||
HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'),
|
||||
[otherEval.id])) %]>[% otherEval.id %]</a>.</p>
|
||||
[otherEval.id])) %]>[% HTML.escape(otherEval.id) %]</a>.</p>
|
||||
[% END %]
|
||||
|
||||
<form>
|
||||
@@ -63,28 +63,28 @@ HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'),
|
||||
[% END %]
|
||||
|
||||
[% IF aborted.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-aborted" data-toggle="tab"><span class="text-warning">Aborted / Timed out Jobs ([% aborted.size %])</span></a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-aborted" data-toggle="tab"><span class="text-warning">Aborted / Timed out Jobs ([% HTML.escape(aborted.size) %])</span></a></li>
|
||||
[% END %]
|
||||
[% IF nowFail.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-now-fail" data-toggle="tab"><span class="text-warning">Newly Failing Jobs ([% nowFail.size %])</span></a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-now-fail" data-toggle="tab"><span class="text-warning">Newly Failing Jobs ([% HTML.escape(nowFail.size) %])</span></a></li>
|
||||
[% END %]
|
||||
[% IF nowSucceed.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-now-succeed" data-toggle="tab"><span class="text-success">Newly Succeeding Jobs ([% nowSucceed.size %])</span></a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-now-succeed" data-toggle="tab"><span class="text-success">Newly Succeeding Jobs ([% HTML.escape(nowSucceed.size) %])</span></a></li>
|
||||
[% END %]
|
||||
[% IF new.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-new" data-toggle="tab">New Jobs ([% new.size %])</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-new" data-toggle="tab">New Jobs ([% HTML.escape(new.size) %])</a></li>
|
||||
[% END %]
|
||||
[% IF removed.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-removed" data-toggle="tab">Removed Jobs ([% removed.size %])</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-removed" data-toggle="tab">Removed Jobs ([% HTML.escape(removed.size) %])</a></li>
|
||||
[% END %]
|
||||
[% IF stillFail.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-still-fail" data-toggle="tab">Still Failing Jobs ([% stillFail.size %])</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-still-fail" data-toggle="tab">Still Failing Jobs ([% HTML.escape(stillFail.size) %])</a></li>
|
||||
[% END %]
|
||||
[% IF stillSucceed.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-still-succeed" data-toggle="tab">Still Succeeding Jobs ([% stillSucceed.size %])</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-still-succeed" data-toggle="tab">Still Succeeding Jobs ([% HTML.escape(stillSucceed.size) %])</a></li>
|
||||
[% END %]
|
||||
[% IF unfinished.size > 0 %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-unfinished" data-toggle="tab">Queued Jobs ([% unfinished.size %])</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-unfinished" data-toggle="tab">Queued Jobs ([% HTML.escape(unfinished.size) %])</a></li>
|
||||
[% END %]
|
||||
<li class="nav-item"><a class="nav-link" href="#tabs-inputs" data-toggle="tab">Inputs</a></li>
|
||||
|
||||
@@ -132,7 +132,7 @@ HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'),
|
||||
[% FOREACH j IN removed.slice(0,(size > max ? max : size) - 1) %]
|
||||
<tr>
|
||||
<td>[% INCLUDE renderJobName project=project.name jobset=jobset.name job=j.job %]</td>
|
||||
<td><tt>[% j.system %]</tt></td>
|
||||
<td><tt>[% j.system | html %]</tt></td>
|
||||
</tr>
|
||||
[% END %]
|
||||
[% IF size > max; params = c.req.params; params.full = 1 %]
|
||||
|
||||
Reference in New Issue
Block a user