Mercurial > hg
comparison mercurial/templates/paper/filediff.tmpl @ 18526:9409aeaafdc1 stable
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
| author | Thomas Arendsen Hein <thomas@intevation.de> |
|---|---|
| date | Fri, 01 Feb 2013 20:43:35 +0100 |
| parents | bebb05a7e249 |
| children | 52305554fd6e |
comparison
equal
deleted
inserted
replaced
| 18525:462579cbad45 | 18526:9409aeaafdc1 |
|---|---|
| 5 | 5 |
| 6 <div class="container"> | 6 <div class="container"> |
| 7 <div class="menu"> | 7 <div class="menu"> |
| 8 <div class="logo"> | 8 <div class="logo"> |
| 9 <a href="{logourl}"> | 9 <a href="{logourl}"> |
| 10 <img src="{staticurl}{logoimg}" alt="mercurial" /></a> | 10 <img src="{staticurl|urlescape}{logoimg}" alt="mercurial" /></a> |
| 11 </div> | 11 </div> |
| 12 <ul> | 12 <ul> |
| 13 <li><a href="{url}shortlog/{node|short}{sessionvars%urlparameter}">log</a></li> | 13 <li><a href="{url|urlescape}shortlog/{node|short}{sessionvars%urlparameter}">log</a></li> |
| 14 <li><a href="{url}graph/{node|short}{sessionvars%urlparameter}">graph</a></li> | 14 <li><a href="{url|urlescape}graph/{node|short}{sessionvars%urlparameter}">graph</a></li> |
| 15 <li><a href="{url}tags{sessionvars%urlparameter}">tags</a></li> | 15 <li><a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a></li> |
| 16 <li><a href="{url}bookmarks{sessionvars%urlparameter}">bookmarks</a></li> | 16 <li><a href="{url|urlescape}bookmarks{sessionvars%urlparameter}">bookmarks</a></li> |
| 17 <li><a href="{url}branches{sessionvars%urlparameter}">branches</a></li> | 17 <li><a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a></li> |
| 18 </ul> | 18 </ul> |
| 19 <ul> | 19 <ul> |
| 20 <li><a href="{url}rev/{node|short}{sessionvars%urlparameter}">changeset</a></li> | 20 <li><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">changeset</a></li> |
| 21 <li><a href="{url}file/{node|short}{path|urlescape}{sessionvars%urlparameter}">browse</a></li> | 21 <li><a href="{url|urlescape}file/{node|short}{path|urlescape}{sessionvars%urlparameter}">browse</a></li> |
| 22 </ul> | 22 </ul> |
| 23 <ul> | 23 <ul> |
| 24 <li><a href="{url}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">file</a></li> | 24 <li><a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">file</a></li> |
| 25 <li><a href="{url}file/tip/{file|urlescape}{sessionvars%urlparameter}">latest</a></li> | 25 <li><a href="{url|urlescape}file/tip/{file|urlescape}{sessionvars%urlparameter}">latest</a></li> |
| 26 <li class="active">diff</li> | 26 <li class="active">diff</li> |
| 27 <li><a href="{url}comparison/{node|short}/{file|urlescape}{sessionvars%urlparameter}">comparison</a></li> | 27 <li><a href="{url|urlescape}comparison/{node|short}/{file|urlescape}{sessionvars%urlparameter}">comparison</a></li> |
| 28 <li><a href="{url}annotate/{node|short}/{file|urlescape}{sessionvars%urlparameter}">annotate</a></li> | 28 <li><a href="{url|urlescape}annotate/{node|short}/{file|urlescape}{sessionvars%urlparameter}">annotate</a></li> |
| 29 <li><a href="{url}log/{node|short}/{file|urlescape}{sessionvars%urlparameter}">file log</a></li> | 29 <li><a href="{url|urlescape}log/{node|short}/{file|urlescape}{sessionvars%urlparameter}">file log</a></li> |
| 30 <li><a href="{url}raw-file/{node|short}/{file|urlescape}">raw</a></li> | 30 <li><a href="{url|urlescape}raw-file/{node|short}/{file|urlescape}">raw</a></li> |
| 31 </ul> | 31 </ul> |
| 32 <ul> | 32 <ul> |
| 33 <li><a href="{url}help{sessionvars%urlparameter}">help</a></li> | 33 <li><a href="{url|urlescape}help{sessionvars%urlparameter}">help</a></li> |
| 34 </ul> | 34 </ul> |
| 35 </div> | 35 </div> |
| 36 | 36 |
| 37 <div class="main"> | 37 <div class="main"> |
| 38 <h2 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb}</h2> | 38 <h2 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb}</h2> |
| 39 <h3>diff {file|escape} @ {rev}:{node|short}</h3> | 39 <h3>diff {file|escape} @ {rev}:{node|short}</h3> |
| 40 | 40 |
| 41 <form class="search" action="{url}log"> | 41 <form class="search" action="{url|urlescape}log"> |
| 42 <p>{sessionvars%hiddenformentry}</p> | 42 <p>{sessionvars%hiddenformentry}</p> |
| 43 <p><input name="rev" id="search1" type="text" size="30" /></p> | 43 <p><input name="rev" id="search1" type="text" size="30" /></p> |
| 44 <div id="hint">find changesets by author, revision, | 44 <div id="hint">find changesets by author, revision, |
| 45 files, or words in the commit message</div> | 45 files, or words in the commit message</div> |
| 46 </form> | 46 </form> |