view mercurial/templates/spartan/changeset.tmpl @ 18526:9409aeaafdc1 stable

hgweb: urlescape all urls, HTML escape repo/tag/branch/... names. Without this, repository paths or names containing e.g. & characters or HTML tags yielded strange results, possibly allowing cross-site scripting attacks.
author Thomas Arendsen Hein <thomas@intevation.de>
date Fri, 01 Feb 2013 20:43:35 +0100
parents 7bf412b767fe
children 52305554fd6e

{header}
<title>{repo|escape}: changeset {node|short}</title>
</head>
<body>
<!-- Single changeset page of the spartan style: navigation links, a metadata
     table and the diff. The title above applies the escape filter to the
     repository name.
     NOTE(review): HTML comments in this file are part of the rendered page and
     the template engine is not expected to skip them, so never write a
     template expression in curly braces inside a comment. -->

<!-- Navigation. Every href starts with the url keyword passed through
     urlescape, so characters such as & or angle brackets in a repository path
     are percent-encoded instead of being written raw into the attribute.
     Session variables are appended through the urlparameter sub-template,
     which is defined outside this file; presumably it escapes names and
     values itself (confirm in the style's map file). The raw link is the only
     one that omits the session variables. Archive links come from the
     archiveentry sub-template, also not shown here. -->
<div class="buttons">
<a href="{url|urlescape}log/{rev}{sessionvars%urlparameter}">changelog</a>
<a href="{url|urlescape}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a>
<a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a>
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
<a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
<a href="{url|urlescape}file/{node|short}{sessionvars%urlparameter}">files</a>
<a href="{url|urlescape}raw-rev/{node|short}">raw</a>
{archives%archiveentry}
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
</div>

<!-- Heading: breadcrumb trail plus the first line of the commit message.
     escape is applied before firstline, so the message text is HTML-escaped.
     NOTE(review): the Mercurial link is hard-coded to the server root rather
     than derived from the url keyword; confirm that is intended when hgweb is
     not mounted at the root. -->
<h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / changeset: {desc|strip|escape|firstline|nonempty}</h2>

<table id="changesetEntry">
<tr>
 <th class="changeset">changeset {rev}:</th>
 <td class="changeset"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{node|short}</a></td>
</tr>
<!-- Parent, child and tag rows are produced by sub-templates defined outside
     this file; any escaping of tag or branch names has to happen there. -->
{parent%changesetparent}
{child%changesetchild}
{changesettag}
<tr>
 <th class="author">author:</th>
 <!-- author uses obfuscate rather than escape: that filter rewrites every
      character as a numeric character reference, so markup in the author
      field is neutralised as well. -->
 <td class="author">{author|obfuscate}</td>
</tr>
<tr>
 <th class="date">date:</th>
 <td class="date age">{date|rfc822date}</td>
</tr>
<tr>
 <th class="files">files:</th>
 <!-- files is inserted without a filter; it is presumably pre-rendered
      markup, so file names must already be HTML-escaped where it is built
      (TODO confirm). -->
 <td class="files">{files}</td>
</tr>
<tr>
 <th class="description">description:</th>
 <!-- Full commit message. escape must stay ahead of addbreaks: the raw text
      has to be escaped before addbreaks inserts its own line-break markup. -->
 <td class="description">{desc|strip|escape|addbreaks|nonempty}</td>
</tr>
</table>

<!-- diff is inserted without a filter, like files above; escaping of the diff
     text is the responsibility of whatever renders it (TODO confirm). -->
<div id="changesetDiff">
{diff}
</div>

{footer}