view mercurial/templates/spartan/manifest.tmpl @ 18526:9409aeaafdc1 stable
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
author | Thomas Arendsen Hein <thomas@intevation.de> |
---|---|
date | Fri, 01 Feb 2013 20:43:35 +0100 |
parents | 580274a1f1c2 |
children | 1cac419ab831 |
```html
{header}
<title>{repo|escape}: files for changeset {node|short}</title>
</head>
<body>

<div class="buttons">
<a href="{url|urlescape}log/{rev}{sessionvars%urlparameter}">changelog</a>
<a href="{url|urlescape}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a>
<a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a>
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
<a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
<a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">changeset</a>
{archives%archiveentry}
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
</div>

<h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / files for changeset <a href="{url|urlescape}rev/{node|short}">{node|short}</a>: {path|escape}</h2>

<table cellpadding="0" cellspacing="0">
<tr class="parity{upparity}">
  <td><tt>drwxr-xr-x</tt>
  <td>
  <td>
  <td><a href="{url|urlescape}file/{node|short}{up|urlescape}{sessionvars%urlparameter}">[up]</a>
</tr>
{dentries%direntry}
{fentries%fileentry}
</table>
{footer}
```
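The effect of the `escape` and `urlescape` filters on the `<h2>` link in this template, as an added example that is not part of the Mercurial source: it renders that line with and without the filters and parses the result. The filter stand-ins, `render`, `Audit`, and the sample values are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote

# Stand-in filters (assumption: simplified equivalents for this example,
# not Mercurial's implementation).
FILTERS = {
    "escape": lambda s: html.escape(s, quote=True),  # HTML text and attributes
    "urlescape": quote,                              # URL path, "/" is kept
    "short": lambda s: s[:12],                       # abbreviated node id
}
KEYWORD = re.compile(r"\{(\w+)((?:\|\w+)*)\}")
# The <h2> link from the template, with and without its filters.
FILTERED = '<h2><a href="{url|urlescape}rev/{node|short}">{node|short}</a>: {path|escape}</h2>'
UNFILTERED = '<h2><a href="{url}rev/{node|short}">{node|short}</a>: {path}</h2>'
# Constructed sample values: a URL and path containing "&" and a tag.
SAMPLE = {"url": "/r&d/<b>x</b>/", "path": "docs/<b>notes</b> & more",
          "node": "0123456789abcdef0123456789abcdef01234567"}


def render(template, values):
    """Expand {key} and {key|filter|...}; the "%" map form is not handled."""
    def expand(m):
        out = values[m.group(1)]
        for name in filter(None, m.group(2).split("|")):
            out = FILTERS[name](out)
        return out
    return KEYWORD.sub(expand, template)


class Audit(HTMLParser):
    """Records what an HTML parser sees: start tags, href values, text."""
    def __init__(self, markup):
        super().__init__()
        self.tags, self.hrefs, self.text = [], [], ""
        self.feed(markup)
        self.close()

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [v for k, v in attrs if k == "href"]

    def handle_data(self, data):
        self.text += data


if __name__ == "__main__":
    for tmpl in (UNFILTERED, FILTERED):
        print(Audit(render(tmpl, SAMPLE)).tags, render(tmpl, SAMPLE))
```

With the filters, the parser sees only the template's own `h2` and `a` elements and the path shows up as literal text; without them, the `<b>` in the path is parsed as an element.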