view mercurial/templates/spartan/manifest.tmpl @ 18526:9409aeaafdc1 stable

hgweb: urlescape all urls, HTML escape repo/tag/branch/... names Without this, repository paths or names containing e.g. & characters or html tags yielded strange results, possibly allowing cross-site scripting attacks.
author Thomas Arendsen Hein <thomas@intevation.de>
date Fri, 01 Feb 2013 20:43:35 +0100
parents 580274a1f1c2
children 1cac419ab831
line wrap: on
line source

{header}
<title>{repo|escape}: files for changeset {node|short}</title>
</head>
<body>

<div class="buttons">
<a href="{url|urlescape}log/{rev}{sessionvars%urlparameter}">changelog</a>
<a href="{url|urlescape}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a>
<a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a>
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
<a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
<a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">changeset</a>
{archives%archiveentry}
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
</div>

<h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / files for changeset <a href="{url|urlescape}rev/{node|short}">{node|short}</a>: {path|escape}</h2>

<table cellpadding="0" cellspacing="0">
<tr class="parity{upparity}">
  <td><tt>drwxr-xr-x</tt>&nbsp;
  <td>&nbsp;
  <td>&nbsp;
  <td><a href="{url|urlescape}file/{node|short}{up|urlescape}{sessionvars%urlparameter}">[up]</a>
</tr>
{dentries%direntry}
{fentries%fileentry}
</table>
{footer}