view mercurial/templates/paper/map @ 18526:9409aeaafdc1 stable

hgweb: urlescape all urls, HTML escape repo/tag/branch/... names Without this, repository paths or names containing e.g. & characters or html tags yielded strange results, possibly allowing cross-site scripting attacks.
author Thomas Arendsen Hein <thomas@intevation.de>
date Fri, 01 Feb 2013 20:43:35 +0100
parents 41eabb5b8761
children 3c7c25fa58e0
line wrap: on
line source

default = 'shortlog'

mimetype = 'text/html; charset={encoding}'
header = header.tmpl
footer = footer.tmpl
search = search.tmpl

changelog = shortlog.tmpl
shortlog = shortlog.tmpl
shortlogentry = shortlogentry.tmpl
graph = graph.tmpl
help = help.tmpl
helptopics = helptopics.tmpl

helpentry = '<tr><td><a href="{url|urlescape}help/{topic|escape}{sessionvars%urlparameter}">{topic|escape}</a></td><td>{summary|escape}</td></tr>'

naventry = '<a href="{url|urlescape}log/{node|short}{sessionvars%urlparameter}">{label|escape}</a> '
navshortentry = '<a href="{url|urlescape}shortlog/{node|short}{sessionvars%urlparameter}">{label|escape}</a> '
navgraphentry = '<a href="{url|urlescape}graph/{node|short}{sessionvars%urlparameter}">{label|escape}</a> '
filenaventry = '<a href="{url|urlescape}log/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{label|escape}</a> '
filedifflink = '<a href="{url|urlescape}diff/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{file|escape}</a> '
filenodelink = '<a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{file|escape}</a> '
filenolink = '{file|escape} '
fileellipses = '...'
diffstatlink = diffstat.tmpl
diffstatnolink = diffstat.tmpl
changelogentry = shortlogentry.tmpl
searchentry = shortlogentry.tmpl
changeset = changeset.tmpl
manifest = manifest.tmpl

nav = '{before%naventry} {after%naventry}'
navshort = '{before%navshortentry}{after%navshortentry}'
navgraph = '{before%navgraphentry}{after%navgraphentry}'
filenav = '{before%filenaventry}{after%filenaventry}'

direntry = '
  <tr class="fileline parity{parity}">
    <td class="name">
      <a href="{url|urlescape}file/{node|short}{path|urlescape}{sessionvars%urlparameter}">
        <img src="{staticurl|urlescape}coal-folder.png" alt="dir."/> {basename|escape}/
      </a>
      <a href="{url|urlescape}file/{node|short}{path|urlescape}/{emptydirs|urlescape}{sessionvars%urlparameter}">
        {emptydirs|escape}
      </a>
    </td>
    <td class="size"></td>
    <td class="permissions">drwxr-xr-x</td>
  </tr>'

fileentry = '
  <tr class="fileline parity{parity}">
    <td class="filename">
      <a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">
        <img src="{staticurl|urlescape}coal-file.png" alt="file"/> {basename|escape}
      </a>
    </td>
    <td class="size">{size}</td>
    <td class="permissions">{permissions|permissions}</td>
  </tr>'

filerevision = filerevision.tmpl
fileannotate = fileannotate.tmpl
filediff = filediff.tmpl
filecomparison = filecomparison.tmpl
filelog = filelog.tmpl
fileline = '
  <div class="parity{parity} source"><a href="#{lineid}" id="{lineid}">{linenumber}</a> {line|escape}</div>'
filelogentry = filelogentry.tmpl

annotateline = '
  <tr class="parity{parity}">
    <td class="annotate">
      <a href="{url|urlescape}annotate/{node|short}/{file|urlescape}{sessionvars%urlparameter}#l{targetline}"
         title="{node|short}: {desc|escape|firstline}">{author|user}@{rev}</a>
    </td>
    <td class="source"><a href="#{lineid}" id="{lineid}">{linenumber}</a> {line|escape}</td>
  </tr>'

diffblock = '<div class="source bottomline parity{parity}"><pre>{lines}</pre></div>'
difflineplus = '<a href="#{lineid}" id="{lineid}">{linenumber}</a> <span class="plusline">{line|escape}</span>'
difflineminus = '<a href="#{lineid}" id="{lineid}">{linenumber}</a> <span class="minusline">{line|escape}</span>'
difflineat = '<a href="#{lineid}" id="{lineid}">{linenumber}</a> <span class="atline">{line|escape}</span>'
diffline = '<a href="#{lineid}" id="{lineid}">{linenumber}</a> {line|escape}'

comparisonblock ='
  <tbody class="block">
  {lines}
  </tbody>'
comparisonline = '
  <tr>
    <td class="source {type}"><a href="#{lineid}" id="{lineid}">{leftlinenumber}</a> {leftline|escape}</td>
    <td class="source {type}"><a href="#{lineid}" id="{lineid}">{rightlinenumber}</a> {rightline|escape}</td>
  </tr>'

changelogparent = '
  <tr>
    <th class="parent">parent {rev}:</th>
    <td class="parent"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a></td>
  </tr>'

changesetparent = '<a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a> '

difffrom = '<a href="{url|urlescape}rev/{node|short}:{originalnode|short}{sessionvars%urlparameter}">{node|short}</a> '

filerevparent = '<a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{rename%filerename}{node|short}</a> '
filerevchild = '<a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{node|short}</a> '

filerename = '{file|escape}@'
filelogrename = '
  <span class="base">
    base
    <a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">
      {file|escape}@{node|short}
    </a>
  </span>'
fileannotateparent = '
  <tr>
    <td class="metatag">parent:</td>
    <td>
      <a href="{url|urlescape}annotate/{node|short}/{file|urlescape}{sessionvars%urlparameter}">
        {rename%filerename}{node|short}
      </a>
    </td>
  </tr>'
changesetchild = ' <a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a>'
changelogchild = '
  <tr>
    <th class="child">child</th>
    <td class="child">
      <a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">
        {node|short}
      </a>
    </td>
  </tr>'
fileannotatechild = '
  <tr>
    <td class="metatag">child:</td>
    <td>
      <a href="{url|urlescape}annotate/{node|short}/{file|urlescape}{sessionvars%urlparameter}">
        {node|short}
      </a>
    </td>
  </tr>'
tags = tags.tmpl
tagentry = '
  <tr class="tagEntry parity{parity}">
    <td>
      <a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">
        {tag|escape}
      </a>
    </td>
    <td class="node">
      {node|short}
    </td>
  </tr>'
bookmarks = bookmarks.tmpl
bookmarkentry = '
  <tr class="tagEntry parity{parity}">
    <td>
      <a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">
        {bookmark|escape}
      </a>
    </td>
    <td class="node">
      {node|short}
    </td>
  </tr>'
branches = branches.tmpl
branchentry = '
  <tr class="tagEntry parity{parity}">
    <td>
      <a href="{url|urlescape}shortlog/{node|short}{sessionvars%urlparameter}" class="{status}">
        {branch|escape}
      </a>
    </td>
    <td class="node">
      {node|short}
    </td>
  </tr>'
changelogtag = '<span class="tag">{name|escape}</span> '
changesettag = '<span class="tag">{tag|escape}</span> '
changesetbookmark = '<span class="tag">{bookmark|escape}</span> '
changelogbranchhead = '<span class="branchhead">{name|escape}</span> '
changelogbranchname = '<span class="branchname">{name|escape}</span> '

filediffparent = '
  <tr>
    <th class="parent">parent {rev}:</th>
    <td class="parent"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a></td>
  </tr>'
filelogparent = '
  <tr>
    <th>parent {rev}:</th>
    <td><a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{node|short}</a></td>
  </tr>'
filediffchild = '
  <tr>
    <th class="child">child {rev}:</th>
    <td class="child"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a>
  </td>
  </tr>'
filelogchild = '
  <tr>
    <th>child {rev}:</th>
    <td><a href="{url|urlescape}file/{node|short}/{file|urlescape}{sessionvars%urlparameter}">{node|short}</a></td>
  </tr>'

indexentry = '
  <tr class="parity{parity}">
    <td><a href="{url|urlescape}{sessionvars%urlparameter}">{name|escape}</a></td>
    <td>{description}</td>
    <td>{contact|obfuscate}</td>
    <td class="age">{lastchange|rfc822date}</td>
    <td class="indexlinks">{archives%indexarchiveentry}</td>
    <td>
        {if(isdirectory, '',
            '<a href="{url|urlescape}atom-log" title="subscribe to repository atom feed">
                <img class="atom-logo" src="{staticurl|urlescape}feed-icon-14x14.png" alt="subscribe to repository atom feed">
            </a>'
            )}
    </td>
  </tr>\n'
indexarchiveentry = '<a href="{url|urlescape}archive/{node|short}{extension|urlescape}">&nbsp;&darr;{type|escape}</a>'
index = index.tmpl
archiveentry = '
  <li>
    <a href="{url|urlescape}archive/{node|short}{extension|urlescape}">{type|escape}</a>
  </li>'
notfound = notfound.tmpl
error = error.tmpl
urlparameter = '{separator}{name}={value|urlescape}'
hiddenformentry = '<input type="hidden" name="{name}" value="{value|escape}" />'
breadcrumb = '&gt; <a href="{url|urlescape}">{name|escape}</a> '