Mercurial > hg
comparison mercurial/templates/spartan/changeset.tmpl @ 18526:9409aeaafdc1 stable
hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
| author | Thomas Arendsen Hein <thomas@intevation.de> |
|---|---|
| date | Fri, 01 Feb 2013 20:43:35 +0100 |
| parents | 7bf412b767fe |
| children | 52305554fd6e |
comparison
equal
deleted
inserted
replaced
| 18525:462579cbad45 | 18526:9409aeaafdc1 |
|---|---|
| 2 <title>{repo|escape}: changeset {node|short}</title> | 2 <title>{repo|escape}: changeset {node|short}</title> |
| 3 </head> | 3 </head> |
| 4 <body> | 4 <body> |
| 5 | 5 |
| 6 <div class="buttons"> | 6 <div class="buttons"> |
| 7 <a href="{url}log/{rev}{sessionvars%urlparameter}">changelog</a> | 7 <a href="{url|urlescape}log/{rev}{sessionvars%urlparameter}">changelog</a> |
| 8 <a href="{url}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a> | 8 <a href="{url|urlescape}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a> |
| 9 <a href="{url}graph{sessionvars%urlparameter}">graph</a> | 9 <a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a> |
| 10 <a href="{url}tags{sessionvars%urlparameter}">tags</a> | 10 <a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a> |
| 11 <a href="{url}branches{sessionvars%urlparameter}">branches</a> | 11 <a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a> |
| 12 <a href="{url}file/{node|short}{sessionvars%urlparameter}">files</a> | 12 <a href="{url|urlescape}file/{node|short}{sessionvars%urlparameter}">files</a> |
| 13 <a href="{url}raw-rev/{node|short}">raw</a> | 13 <a href="{url|urlescape}raw-rev/{node|short}">raw</a> |
| 14 {archives%archiveentry} | 14 {archives%archiveentry} |
| 15 <a href="{url}help{sessionvars%urlparameter}">help</a> | 15 <a href="{url|urlescape}help{sessionvars%urlparameter}">help</a> |
| 16 </div> | 16 </div> |
| 17 | 17 |
| 18 <h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / changeset: {desc|strip|escape|firstline|nonempty}</h2> | 18 <h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / changeset: {desc|strip|escape|firstline|nonempty}</h2> |
| 19 | 19 |
| 20 <table id="changesetEntry"> | 20 <table id="changesetEntry"> |
| 21 <tr> | 21 <tr> |
| 22 <th class="changeset">changeset {rev}:</th> | 22 <th class="changeset">changeset {rev}:</th> |
| 23 <td class="changeset"><a href="{url}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a></td> | 23 <td class="changeset"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a></td> |
| 24 </tr> | 24 </tr> |
| 25 {parent%changesetparent} | 25 {parent%changesetparent} |
| 26 {child%changesetchild} | 26 {child%changesetchild} |
| 27 {changesettag} | 27 {changesettag} |
| 28 <tr> | 28 <tr> |