Files
@ e08c2b38ae0d
Branch filter:
Location: kallithea/docs/theme/nature/layout.html
e08c2b38ae0d
1.0 KiB
text/html
compare: correct display of special branch names in initial placeholder
When a branch name contains special characters like '<' or '>', and a
'compare' operation is performed with such branch as one of the two compare
sides, then the special branch name will be part of the URL, e.g.
http://localhost:5000/myrepo/compare/branch@master...branch@%3Cscript%3Eblabla%3C/script%3E?other_repo=myrepo
The encoded branch name is then used at page load as placeholders for the
branch selection dropdowns. But, the special characters, were escaped too
much, causing '<' to become < in the display of the dropdown.
It was not correct to use h.jshtml() to escape in the template. That applied
html formatting, too much and too early. We want the raw value. h.js() gives us
that, while still formatting and escaping the string so it is safe inside the
script tag.
When a branch name contains special characters like '<' or '>', and a
'compare' operation is performed with such branch as one of the two compare
sides, then the special branch name will be part of the URL, e.g.
http://localhost:5000/myrepo/compare/branch@master...branch@%3Cscript%3Eblabla%3C/script%3E?other_repo=myrepo
The encoded branch name is then used at page load as placeholders for the
branch selection dropdowns. But, the special characters, were escaped too
much, causing '<' to become < in the display of the dropdown.
It was not correct to use h.jshtml() to escape in the template. That applied
html formatting, too much and too early. We want the raw value. h.js() gives us
that, while still formatting and escaping the string so it is safe inside the
script tag.