annotate mercurial/templates/spartan/graph.tmpl @ 18526:9409aeaafdc1 stable

hgweb: urlescape all urls, HTML escape repo/tag/branch/... names

Without this, repository paths or names containing e.g. & characters or html tags yielded strange results, possibly allowing cross-site scripting attacks.
author Thomas Arendsen Hein <thomas@intevation.de>
date Fri, 01 Feb 2013 20:43:35 +0100
parents 7bf412b767fe
children 1cac419ab831
changesets referenced in the rev column:
 8431  5c1aabc58004  spartan: use newer template syntax everywhere
       Dirkjan Ochtman <dirkjan@ochtman.nl>  parents: 8357
 7338  fecfe4392e94  hgweb: move old style to spartan/
       Matt Mackall <mpm@selenic.com>  parents:
18526  9409aeaafdc1  hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
       Thomas Arendsen Hein <thomas@intevation.de>  parents: 18259
18259  7bf412b767fe  hgweb, spartan: add "URL breadcrumbs"
       Angel Ezquerra <angel.ezquerra at gmail.com>  parents: 17580
10254  8d5de52431f2  hgweb: changenav: separate pages before and after the current position
       Nicolas Dumazet <nicdumz.commits@gmail.com>  parents: 9999
13610  7359cb753a54  templates: widen the graph canvas (issue2683)
       Dirkjan Ochtman <dirkjan@ochtman.nl>  parents: 12680
10856  b07bd417115b  templates: escape javascript braces
       Matt Mackall <mpm@selenic.com>  parents: 10278
17580  ffe3630cb243  hgweb: fix incorrect graph padding calculation (issue3626)
       Tim Delaney <timothy.c.delaney@gmail.com>  parents: 17421
17421  3eb85477c0d9  hgweb: avoid bad $$ processing in graph (issue3601)
       Mads Kiilerich <mads@kiilerich.com>  parents: 16137

  rev  line  source
 8431     1  {header}
 8431     2  <title>{repo|escape}: graph</title>
 7338     3  <link rel="alternate" type="application/atom+xml"
18526     4  href="{url|urlescape}atom-tags" title="Atom feed for {repo|escape}: tags">
 7338     5  <link rel="alternate" type="application/rss+xml"
18526     6  href="{url|urlescape}rss-tags" title="RSS feed for {repo|escape}: tags">
18526     7  <!--[if IE]><script type="text/javascript" src="{staticurl|urlescape}excanvas.js"></script><![endif]-->
 7338     8  </head>
 7338     9  <body>
 7338    10
 7338    11  <div class="buttons">
18526    12  <a href="{url|urlescape}log{sessionvars%urlparameter}">changelog</a>
18526    13  <a href="{url|urlescape}shortlog{sessionvars%urlparameter}">shortlog</a>
18526    14  <a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
18526    15  <a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
18526    16  <a href="{url|urlescape}file/{node|short}/{sessionvars%urlparameter}">files</a>
18526    17  <a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
 7338    18  </div>
 7338    19
18259    20  <h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / graph</h2>
 7338    21
18526    22  <form action="{url|urlescape}log">
 7338    23  {sessionvars%hiddenformentry}
 7338    24  <p>
 7338    25  <label for="search1">search:</label>
 7338    26  <input name="rev" id="search1" type="text" size="30">
10254    27  navigate: <small class="navigate">{changenav%navgraph}</small>
 7338    28  </p>
 7338    29  </form>
 7338    30
 7338    31  <noscript>The revision graph only works with JavaScript-enabled browsers.</noscript>
 7338    32
 7338    33  <div id="wrapper">
 7338    34  <ul id="nodebgs"></ul>
13610    35  <canvas id="graph" width="480" height="{canvasheight}"></canvas>
 7338    36  <ul id="graphnodes"></ul>
 7338    37  </div>
 7338    38
 7338    39  <script type="text/javascript">
 7338    40  <!-- hide script content
 7338    41
 7338    42  var data = {jsdata|json};
 7338    43  var graph = new Graph();
 7338    44  graph.scale({bg_height});
 7338    45
10856    46  graph.vertex = function(x, y, color, parity, cur) \{
 7338    47
 7338    48  this.ctx.beginPath();
 7338    49  color = this.setColor(color, 0.25, 0.75);
 7338    50  this.ctx.arc(x, y, radius, 0, Math.PI * 2, true);
 7338    51  this.ctx.fill();
 7338    52
 7338    53  var bg = '<li class="bg parity' + parity + '"></li>';
17580    54  var left = (this.bg_height - this.box_size) + (this.columns + 1) * this.box_size;
 7338    55  var nstyle = 'padding-left: ' + left + 'px;';
17421    56  var item = '<li style="' + nstyle + '"><span class="desc">';
18526    57  item += '<a href="{url|urlescape}rev/' + cur[0] + '{sessionvars%urlparameter}" title="' + cur[0] + '">' + cur[3] + '</a>';
17421    58  item += '</span><span class="info">' + cur[5] + ', by ' + cur[4] + '</span></li>';
17421    59
 7338    60  return [bg, item];
 7338    61
 7338    62  }
 7338    63
 7338    64  graph.render(data);
 7338    65
 7338    66  // stop hiding script -->
 7338    67  </script>
 7338    68
18526    69  <form action="{url|urlescape}log">
 7338    70  {sessionvars%hiddenformentry}
 7338    71  <p>
 7338    72  <label for="search1">search:</label>
 7338    73  <input name="rev" id="search1" type="text" size="30">
10254    74  navigate: <small class="navigate">{changenav%navgraph}</small>
 7338    75  </p>
 7338    76  </form>
 7338    77
 8431    78  {footer}