@@ -144,7 +144,7 @@ class RepoGroupsController(BaseControlle
repo_groups_data.append({
"raw_name": repo_gr.group_name,
"group_name": repo_group_name(repo_gr.group_name, children_groups),
"desc": repo_gr.group_description,
"desc": h.escape(repo_gr.group_description),
"repos": repo_count,
"owner": h.person(repo_gr.user),
"action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,
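Review bot: `raw_name` is still emitted unescaped next to the newly escaped `desc` in this dict, and the same holds for `raw_name` in the UserGroupsController and UsersController hunks and for `'nname': u.username` in the first RepoModel hunk. Whether those values ever reach the page as markup is not visible here, so either pass them through `h.escape` as well or, if they are only used for sorting, say so on the line, e.g. `"raw_name": repo_gr.group_name,  # sort key only, never inserted as HTML`. The `append` call starts and ends outside the hunk, so the remaining keys of the dict were not reviewed.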
@@ -113,7 +113,7 @@ class UserGroupsController(BaseControlle
"raw_name": user_gr.users_group_name,
"group_name": user_group_name(user_gr.users_group_id,
user_gr.users_group_name),
"desc": user_gr.user_group_description,
"desc": h.escape(user_gr.user_group_description),
"members": len(user_gr.members),
"active": h.boolicon(user_gr.users_group_active),
"owner": h.person(user_gr.user.username),
@@ -96,8 +96,8 @@ class UsersController(BaseController):
"gravatar": grav_tmpl % h.gravatar(user.email, size=20),
"raw_name": user.username,
"username": username(user.user_id, user.username),
"firstname": user.name,
"lastname": user.lastname,
"firstname": h.escape(user.name),
"lastname": h.escape(user.lastname),
"last_login": h.fmt_date(user.last_login),
"last_login_raw": datetime_to_time(user.last_login),
"active": h.boolicon(user.active),
@@ -138,8 +138,8 @@ class RepoModel(BaseModel):
return json.dumps([
{
'id': u.user_id,
'fname': u.name,
'lname': u.lastname,
'fname': h.escape(u.name),
'lname': h.escape(u.lastname),
'nname': u.username,
'gravatar_lnk': h.gravatar_url(u.email, size=28),
'gravatar_size': 14,
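Review bot: Escaping `fname` and `lname` inside the model's `json.dumps` payload fixes the encoding at the data layer, so every consumer of this JSON receives HTML entities whether or not it renders HTML. A consumer that inserts the value as text, or escapes it again, will show `&amp;`-style artifacts, and a later consumer that assumes the whole payload is pre-escaped may skip its own escaping for the fields that are not covered here. I would document the contract where the list is built, e.g. `# fname/lname are HTML-escaped for direct insertion into markup; do not escape again`, or move the escaping to the code that writes the values into the page. The enclosing method starts and ends outside the hunk.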
@@ -210,9 +210,9 @@ class RepoModel(BaseModel):
def desc(desc):
if c.visual.stylify_metatags:
return h.urlify_text(h.desc_stylize(h.truncate(desc, 60)))
return h.urlify_text(h.desc_stylize(h.escape(h.truncate(desc, 60))))
else:
return h.urlify_text(h.truncate(desc, 60))
return h.urlify_text(h.escape(h.truncate(desc, 60)))
def state(repo_state):
return _render("repo_state", repo_state)
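Review bot: `h.desc_stylize` and `h.urlify_text` now run on entity-encoded text in both branches of `desc`, and nothing here pins how they treat it; the template hunk for `c.db_repo.description` has the same shape. If the URL matcher is a plain regex, a link followed by an encoded character such as `&gt;` or `&quot;` could have the entity pulled into the generated `href`, and a helper that escapes its own input would double-encode. A regression test that renders a description containing a tag, an ampersand and a URL through both branches would cover this, together with a comment such as `# escape before stylize/urlify: both emit markup and must only see escaped text`. The truncate-then-escape order is right, since truncating after escaping could cut an entity in half.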
@@ -85,9 +85,9 @@ summary = lambda n:{False:'summary-short
<label>${_('Description')}:</label>
</div>
%if c.visual.stylify_metatags:
<div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(c.db_repo.description))}</div>
<div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.desc_stylize(h.escape(c.db_repo.description)))}</div>
%else:
<div class="input ${summary(c.show_stats)} desc">${h.urlify_text(c.db_repo.description)}</div>
<div class="input ${summary(c.show_stats)} desc">${h.urlify_text(h.escape(c.db_repo.description))}</div>
%endif