Mercurial > hg
annotate mercurial/templates/gitweb/changelogentry.tmpl @ 18526:9409aeaafdc1 stable
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
author | Thomas Arendsen Hein <thomas@intevation.de> |
---|---|
date | Fri, 01 Feb 2013 20:43:35 +0100 |
parents | fe9d36a6853e |
children | 52305554fd6e |
rev | line source |
---|---|
1572
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
1 <div> |
18526
9409aeaafdc1
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Thomas Arendsen Hein <thomas@intevation.de>
parents:
15375
diff
changeset
|
2 <a class="title" href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}"><span class="age">{date|rfc822date}</span>{desc|strip|firstline|escape|nonempty}<span class="logtags"> {inbranch%inbranchtag}{branches%branchtag}{tags%tagtag}{bookmarks%bookmarktag}</span></a> |
1572
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
3 </div> |
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
4 <div class="title_text"> |
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
5 <div class="log_link"> |
18526
9409aeaafdc1
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Thomas Arendsen Hein <thomas@intevation.de>
parents:
15375
diff
changeset
|
6 <a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">changeset</a><br/> |
1572
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
7 </div> |
8427
cebdfdcc3e42
git: use newer template syntax everywhere
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8235
diff
changeset
|
8 <i>{author|obfuscate} [{date|rfc822date}] rev {rev}</i><br/> |
1572
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
9 </div> |
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
10 <div class="log_body"> |
8427
cebdfdcc3e42
git: use newer template syntax everywhere
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8235
diff
changeset
|
11 {desc|strip|escape|addbreaks|nonempty} |
1572
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
12 <br/> |
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
13 <br/> |
385b8872b8e3
[hgweb] Initial import of the "gitweb" style
Josef "Jeff" Sipek <jeffpc@optonline.net>
parents:
diff
changeset
|
14 </div> |