Changeset - 61d7fffbdf52
default
Andrew Shadura - 11 years ago 2015-01-14 17:45:22
andrew@shadura.me
templates: fix HTML injection via file names
1 file changed with 1 insertions and 1 deletions:
kallithea/templates/files/files_browser.html
 
@@ -19,13 +19,13 @@
 
        c = "icon-folder-open"
 
        if node.is_file():
 
            c = "icon-doc"
 
        elif node.is_submodule():
 
            c = "icon-file-submodule"
 
    %>
 
    <%return h.literal('<i class="%s"></i><span>%s</span>' % (c, node.name))%>
 
    <%return h.literal('<i class="%s"></i><span>%s</span>' % (c, h.escape(node.name)))%>
 
</%def>
 
<div id="body" class="browserblock">
 
    <div class="browser-header">
 
        <div class="browser-nav">
 
            ${h.form(h.url.current())}
 
            <div class="info_box">
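Review bot: The fix on the `<%return h.literal(...)%>` line escapes `node.name` by hand but keeps the pattern of formatting a raw string with `%` and then wrapping the result in `h.literal()`, so any operand added to that format string later will again be interpolated unescaped by default. If `h.literal` returns a markupsafe `Markup` object (not visible in this hunk — confirm before relying on it), the same line can be written so that escaping is applied to every operand automatically: `<%return h.literal('<i class="%s"></i><span>%s</span>') % (c, node.name)%>`. The `c` operand is only ever one of the three literal class names assigned just above, so it is safe in either form; a one-line Mako comment such as `## node.name comes from the repository and is attacker-controlled: escape before interpolating into markup` on that line would record why the escape is there. The enclosing `<%def>` starts before the hunk, so its parameters are not visible here.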