# HG changeset patch
# User Mads Kiilerich
# Date 2019-02-27 02:30:58
# Node ID e08c2b38ae0d918e1b3e9ab2d4403c83598bbd60
# Parent a8d873e9cab0cc05b70acc98545f1da7427371ee
compare: correct display of special branch names in initial placeholder When a branch name contains special characters like '<' or '>', and a 'compare' operation is performed with such branch as one of the two compare sides, then the special branch name will be part of the URL, e.g. http://localhost:5000/myrepo/compare/branch@master...branch@%3Cscript%3Eblabla%3C/script%3E?other_repo=myrepo The encoded branch name is then used at page load as placeholders for the branch selection dropdowns. But, the special characters, were escaped too much, causing '<' to become < in the display of the dropdown. It was not correct to use h.jshtml() to escape in the template. That applied html formatting, too much and too early. We want the raw value. h.js() gives us that, while still formatting and escaping the string so it is safe inside the script tag.
diff --git a/kallithea/templates/compare/compare_diff.html b/kallithea/templates/compare/compare_diff.html
--- a/kallithea/templates/compare/compare_diff.html
+++ b/kallithea/templates/compare/compare_diff.html
@@ -151,8 +151,8 @@ ${self.repo_context_bar('changelog')}
 });
 }
- make_revision_dropdown("#compare_org", ${h.jshtml(c.a_repo.repo_name)}, ${h.jshtml(c.a_ref_name)}, 'cache');
- make_revision_dropdown("#compare_other", ${h.jshtml(c.cs_repo.repo_name)}, ${h.jshtml(c.cs_ref_name)}, 'cache2');
+ make_revision_dropdown("#compare_org", ${h.js(c.a_repo.repo_name)}, ${h.js(c.a_ref_name)}, 'cache');
+ make_revision_dropdown("#compare_other", ${h.js(c.cs_repo.repo_name)}, ${h.js(c.cs_ref_name)}, 'cache2');
 var values_changed = function() {
 var values = $('#compare_org').select2('data') && $('#compare_other').select2('data');
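Review bot: With `h.js()` the repo and ref names now reach `make_revision_dropdown` as raw, un-HTML-escaped strings on both added call lines, so the markup safety of the dropdown placeholder rests entirely on how that function and select2 write them into the DOM. The body of `make_revision_dropdown` is outside this hunk, so that cannot be confirmed from here. The double-escaping symptom in the description suggests the display path already escapes, but that is an inference. I would record the contract above the two calls, e.g. `// h.js() yields a script-safe JS string with no HTML escaping; make_revision_dropdown must insert these values as text, never as markup`. A regression test that loads the compare page with the branch name from the description and checks it renders as literal text would keep a later change to the dropdown code from reopening this.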