templates: Hopefully escape all template inputs

Janne Heß
2025-08-02 18:20:35 +02:00
parent b94f47ed27
commit c6424f37a6
24 changed files with 116 additions and 116 deletions


@@ -6,14 +6,14 @@
[% BLOCK renderJobsetInput %]
<tr class="input [% extraClass %]" [% IF id %]id="[% id %]"[% END %]>
<tr class="input [% extraClass %]" [% IF id %][% HTML.attributes(id => id) %][% END %]>
<td>
<tt>[% HTML.escape(input.name) %]</tt>
</td>
<td>
[% INCLUDE renderSelection curValue=input.type param="$baseName-type" options=inputTypes %]
</td>
<td class="inputalts" id="[% baseName %]">
<td class="inputalts" [% HTML.attributes(id => baseName) %]>
[% FOREACH alt IN input.search_related('jobsetinputalts', {}, { order_by => 'altnr' }) %]
<tt class="inputalt">
[% IF input.type == "string" %]
@@ -153,11 +153,11 @@
[% END %]
<tr>
<th>Check interval:</th>
<td>[% jobset.checkinterval || "<em>disabled</em>" %]</td>
<td>[% HTML.escape(jobset.checkinterval) || "<em>disabled</em>" %]</td>
</tr>
<tr>
<th>Scheduling shares:</th>
<td>[% jobset.schedulingshares %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% totalShares %] shares)[% END %]</td>
<td>[% HTML.escape(jobset.schedulingshares) %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% HTML.escape(totalShares) %] shares)[% END %]</td>
</tr>
<tr>
<th>Enable Dynamic RunCommand Hooks:</th>
@@ -175,7 +175,7 @@
[% END %]
<tr>
<th>Number of evaluations to keep:</th>
<td>[% jobset.keepnr %]</td>
<td>[% HTML.escape(jobset.keepnr) %]</td>
</tr>
</table>
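Review bot: The `class="input [% extraClass %]"` attribute on the `<tr>` that opens `renderJobsetInput` still interpolates `extraClass` unescaped on the new side, although the `id` next to it now goes through `HTML.attributes`. If any caller can pass a value derived from user data, a double quote in it would break out of the attribute; writing `class="input [% HTML.escape(extraClass) %]"` closes that gap and matches the rest of the commit. The same block hands `param="$baseName-type"` to `renderSelection`, whose body is not in this section, so it is worth confirming that it escapes `param` where it emits it. `renderJobsetInput` continues past the end of the first hunk.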