34 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/b22b643e77b9/ changeset: b22b643e77b9 user: dan date: 2012-10-23 17:05:59 summary: Add helper method to allow html escaping and replacing newlines with breaks and use it for rendering readme and long description. affected #: 1 file diff -r 06b3b644188a29b78e8400298c67472b5b6bd790 -r b22b643e77b98544ac65becb16626be403578792 templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,3 +1,11 @@ +<%def name="escape_html_add_breaks( value )"> + <% + import markupsafe + value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) + %> + ${value} +</%def> + <%def name="render_star_rating( name, rating, disabled=False )"><% if disabled: @@ -15,7 +23,6 @@ </%def><%def name="render_readme( readme_text )"> - <% readme_text = readme_text.replace( '\n', '<br/>' ) %><style type="text/css"> #readme_table{ table-layout:fixed; width:100%; @@ -31,7 +38,7 @@ <div class="toolFormBody"><div class="form-row"><table id="readme_table"> - <tr><td>${readme_text}</td></tr> + <tr><td>${ escape_html_add_breaks( readme_text ) }</td></tr></table></div></div> @@ -39,7 +46,6 @@ </%def><%def name="render_long_description( description_text )"> - <% description_text = description_text.replace( '\n', '<br/>' ) %><style type="text/css"> #description_table{ table-layout:fixed; width:100%; 
@@ -53,7 +59,7 @@ <div class="form-row"><label>Detailed description:</label><table id="description_table"> - <tr><td>${description_text}</td></tr> + <tr><td>${ escape_html_add_breaks( description_text ) }</td></tr></table><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/dc8b436cba17/ changeset: dc8b436cba17 user: dan date: 2012-10-23 17:05:59 summary: HTML escape values that could be set by the user in templates/webapps/community/admin/statistics.mako. affected #: 1 file diff -r b22b643e77b98544ac65becb16626be403578792 -r dc8b436cba17a907d9b5b3b2a79514f52f67256e templates/webapps/community/admin/statistics.mako --- a/templates/webapps/community/admin/statistics.mako +++ b/templates/webapps/community/admin/statistics.mako 
@@ -16,35 +16,35 @@ </tr><tr><td>Total repositories</td> - <td>${trans.app.shed_counter.repositories}</td> + <td>${trans.app.shed_counter.repositories | h}</td></tr><tr><td>Empty repositories</td> - <td>${trans.app.shed_counter.new_repositories}</td> + <td>${trans.app.shed_counter.new_repositories | h}</td></tr><tr><td>Deleted repositories</td> - <td>${trans.app.shed_counter.deleted_repositories}</td> + <td>${trans.app.shed_counter.deleted_repositories | h}</td></tr><tr><td>Valid tools</td> - <td>${trans.app.shed_counter.valid_tools}</td> + <td>${trans.app.shed_counter.valid_tools | h}</td></tr><tr><td>Invalid tools</td> - <td>${trans.app.shed_counter.invalid_tools}</td> + <td>${trans.app.shed_counter.invalid_tools | h}</td></tr><tr><td>Workflows</td> - <td>${trans.app.shed_counter.workflows}</td> + <td>${trans.app.shed_counter.workflows | h}</td></tr><tr><td>Proprietary datatypes</td> - <td>${trans.app.shed_counter.proprietary_datatypes}</td> + <td>${trans.app.shed_counter.proprietary_datatypes | h}</td></tr><tr><td>Total clones</td> - <td>${trans.app.shed_counter.total_clones}</td> + <td>${trans.app.shed_counter.total_clones | h}</td></tr></table></div> https://bitbucket.org/galaxy/galaxy-central/changeset/5a9c7d2c9914/ changeset: 5a9c7d2c9914 user: dan date: 2012-10-23 17:05:59 summary: HTML escape values that could be set by the user in templates/webapps/community/base_panels.mako. affected #: 1 file diff -r dc8b436cba17a907d9b5b3b2a79514f52f67256e -r 5a9c7d2c9914bb7b4c2b9626b8722138dab1ac10 templates/webapps/community/base_panels.mako --- a/templates/webapps/community/base_panels.mako +++ b/templates/webapps/community/base_panels.mako 
@@ -50,10 +50,10 @@ ${menu_item[0]} %elif len ( menu_item ) == 2: <% name, link = menu_item %> - <a href="${link}">${name}</a> + <a href="${link}">${name | h}</a> %else: <% name, link, target = menu_item %> - <a target="${target}" href="${link}">${name}</a> + <a target="${target}" href="${link}">${name | h}</a> %endif </li> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/30ba3eb8752d/ changeset: 30ba3eb8752d user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/create_category.mako. affected #: 1 file diff -r 5a9c7d2c9914bb7b4c2b9626b8722138dab1ac10 -r 30ba3eb8752d2d81076bb262dfcdebc0c072cf32 templates/webapps/community/category/create_category.mako --- a/templates/webapps/community/category/create_category.mako +++ b/templates/webapps/community/category/create_category.mako @@ -20,11 +20,11 @@ <form name="create_category_form" id="create_category_form" action="${h.url_for( action='create_category' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_category_button" value="Save"/> https://bitbucket.org/galaxy/galaxy-central/changeset/1763560b7737/ changeset: 1763560b7737 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/edit_category.mako. affected #: 1 file diff -r 30ba3eb8752d2d81076bb262dfcdebc0c072cf32 -r 1763560b7737d656bdf2aa091b1c3979580c48a3 templates/webapps/community/category/edit_category.mako --- a/templates/webapps/community/category/edit_category.mako 
+++ b/templates/webapps/community/category/edit_category.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${category.name}" size="40"/> + <input type="text" name="name" value="${category.name | h}" size="40"/></div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${category.description}" size=40"/> + <input name="description" type="textfield" value="${category.description | h}" size=40"/></div><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/185c6185de86/ changeset: 185c6185de86 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/grid.mako. affected #: 1 file diff -r 1763560b7737d656bdf2aa091b1c3979580c48a3 -r 185c6185de86b9aa282bdd80ab3f75adca6e4991 templates/webapps/community/category/grid.mako --- a/templates/webapps/community/category/grid.mako +++ b/templates/webapps/community/category/grid.mako 
@@ -14,13 +14,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/a850f48f7ae6/ changeset: a850f48f7ae6 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/valid_grid.mako. affected #: 1 file diff -r 185c6185de86b9aa282bdd80ab3f75adca6e4991 -r a850f48f7ae62221a3858f1445e4b1d11206598f templates/webapps/community/category/valid_grid.mako --- a/templates/webapps/community/category/valid_grid.mako +++ b/templates/webapps/community/category/valid_grid.mako 
@@ -13,13 +13,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/92646b4f0ef6/ changeset: 92646b4f0ef6 user: dan date: 2012-10-23 17:06:00 summary: HTML escape hg ces that could be set by the user in templates/webapps/community/common/view_readme.mako. affected #: 1 file diff -r a850f48f7ae62221a3858f1445e4b1d11206598f -r 92646b4f0ef669cdb74fa131c00084ad55a6ead2 templates/webapps/community/common/view_readme.mako --- a/templates/webapps/community/common/view_readme.mako +++ b/templates/webapps/community/common/view_readme.mako 
@@ -40,7 +40,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> https://bitbucket.org/galaxy/galaxy-central/changeset/dc24ef2a00fb/ changeset: dc24ef2a00fb user: dan date: 2012-10-23 17:06:01 summary: HTML escape values that could be set by the user in templates/webapps/community/index.mako. affected #: 1 file diff -r 92646b4f0ef669cdb74fa131c00084ad55a6ead2 -r dc24ef2a00fb078959e7fdadc961663bcd280e7f templates/webapps/community/index.mako --- a/templates/webapps/community/index.mako +++ b/templates/webapps/community/index.mako 
@@ -39,7 +39,7 @@ <%def name="left_panel()"><% can_review_repositories = trans.app.security_agent.user_can_review_repositories( trans.user ) %><div class="unified-panel-header" unselectable="on"> - <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools} valid tools on ${trans.app.shed_counter.generation_time}</div> + <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools | h} valid tools on ${trans.app.shed_counter.generation_time | h}</div></div><div class="page-container" style="padding: 10px;"><div class="toolMenu"> https://bitbucket.org/galaxy/galaxy-central/changeset/47f0fcbe6d64/ changeset: 47f0fcbe6d64 user: dan date: 2012-10-23 17:06:05 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/browse_invalid_tools.mako. affected #: 1 file diff -r dc24ef2a00fb078959e7fdadc961663bcd280e7f -r 47f0fcbe6d6442c19170327c944266093b7445a6 templates/webapps/community/repository/browse_invalid_tools.mako --- a/templates/webapps/community/repository/browse_invalid_tools.mako +++ b/templates/webapps/community/repository/browse_invalid_tools.mako @@ -24,9 +24,9 @@ ${invalid_tool_config} </a></td> - <td>${repository_name}</td> - <td>${repository_owner}</td> - <td>${changeset_revision}</td> + <td>${repository_name | h}</td> + <td>${repository_owner | h}</td> + <td>${changeset_revision | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/4ede4449df8e/ changeset: 4ede4449df8e user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/browse_repository.mako. affected #: 1 file diff -r 47f0fcbe6d6442c19170327c944266093b7445a6 -r 4ede4449df8e43cade2a9a5c395be9eeae586d38 templates/webapps/community/repository/browse_repository.mako --- a/templates/webapps/community/repository/browse_repository.mako +++ b/templates/webapps/community/repository/browse_repository.mako 
@@ -101,7 +101,7 @@ %if can_browse_contents: <div class="toolForm"> - <div class="toolFormTitle">Browse ${repository.name} revision ${repository.tip} (repository tip)</div> + <div class="toolFormTitle">Browse ${repository.name | h} revision ${repository.tip | h} (repository tip)</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -124,7 +124,7 @@ <label>Message:</label><div class="form-row-input"> %if commit_message: - <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> + <textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/d2b0c5110534/ changeset: d2b0c5110534 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/common.mako. affected #: 1 file diff -r 4ede4449df8e43cade2a9a5c395be9eeae586d38 -r d2b0c51105347748ce6863ab0a217c86daa295c8 templates/webapps/community/repository/common.mako --- a/templates/webapps/community/repository/common.mako +++ b/templates/webapps/community/repository/common.mako @@ -126,9 +126,9 @@ type = requirements_dict[ 'type' ] %><tr> - <td>${name}</td> - <td>${version}</td> - <td>${type}</td> + <td>${name | h}</td> + <td>${version | h}</td> + <td>${type | h}</td></tr> %endif %endfor @@ -154,8 +154,8 @@ <% environment_settings = tool_dependencies[ 'set_environment' ] %> %for requirements_dict in environment_settings: <tr> - <td>${requirements_dict[ 'name' ]}</td> - <td>${requirements_dict[ 'type' ]}</td> + <td>${requirements_dict[ 'name' ] | h}</td> + <td>${requirements_dict[ 'type' ] | h}</td></tr> %endfor </table> 
@@ -190,8 +190,8 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_tool_metadata', repository_id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, tool_id=tool_dict[ 'id' ] )}">View tool metadata</a></div></td> - <td>${tool_dict[ 'description' ]}</td> - <td>${tool_dict[ 'version' ]}</td> + <td>${tool_dict[ 'description' ] | h}</td> + <td>${tool_dict[ 'version' ] | h}</td><td><% if 'requirements' in tool_dict: @@ -206,7 +206,7 @@ requirements_str += '%s (%s), ' % ( requirement_dict[ 'name' ], requirement_dict[ 'type' ] ) requirements_str = requirements_str.rstrip( ', ' ) %> - ${requirements_str} + ${requirements_str | h} %else: none %endif @@ -233,7 +233,7 @@ <tr><td><a class="view-info" href="${h.url_for( controller='repository', action='load_invalid_tool', repository_id=trans.security.encode_id( repository.id ), tool_config=invalid_tool_config, changeset_revision=changeset_revision )}"> - ${invalid_tool_config} + ${invalid_tool_config | h} </a></td></tr> @@ -274,7 +274,7 @@ %><tr><td> - <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name}</a> + <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name | h}</a></td><td> %if steps: @@ -283,8 +283,8 @@ unknown %endif </td> - <td>${format_version}</td> - <td>${annotation}</td> + <td>${format_version | h}</td> + <td>${annotation | h}</td></tr> %endfor </table> 
@@ -317,10 +317,10 @@ subclass = datatypes_dict.get( 'subclass', ' ' ) %><tr> - <td>${extension}</td> - <td>${dtype}</td> - <td>${mimetype}</td> - <td>${subclass}</td> + <td>${extension | h}</td> + <td>${dtype | h}</td> + <td>${mimetype | h}</td> + <td>${subclass | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/a8ac1dbc787a/ changeset: a8ac1dbc787a user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/contact_owner.mako. affected #: 1 file diff -r d2b0c51105347748ce6863ab0a217c86daa295c8 -r a8ac1dbc787aed0e81050a0ced93b6d97335f427 templates/webapps/community/repository/contact_owner.mako --- a/templates/webapps/community/repository/contact_owner.mako +++ b/templates/webapps/community/repository/contact_owner.mako @@ -50,7 +50,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_download: <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), changeset_revision=repository.tip, file_type='gz' )}">Download as a .tar.gz file</a> 
@@ -66,7 +66,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Contact the owner of the repository named '${repository.name}'</div> + <div class="toolFormTitle">Contact the owner of the repository named '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"> This feature is intended to streamline appropriate communication between https://bitbucket.org/galaxy/galaxy-central/changeset/80d3c1980287/ changeset: 80d3c1980287 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/create_repository.mako. affected #: 1 file diff -r a8ac1dbc787aed0e81050a0ced93b6d97335f427 -r 80d3c198028702dbc06e6a3c965d9f98101c8632 templates/webapps/community/repository/create_repository.mako --- a/templates/webapps/community/repository/create_repository.mako +++ b/templates/webapps/community/repository/create_repository.mako @@ -20,18 +20,18 @@ <form name="create_repository_form" id="create_repository_form" action="${h.url_for( controller='repository', action='create_repository' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size="40"/> + <input name="name" type="textfield" value="${name | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif 
@@ -43,9 +43,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> https://bitbucket.org/galaxy/galaxy-central/changeset/4163748b0a93/ changeset: 4163748b0a93 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/find_tools.mako. affected #: 1 file diff -r 80d3c198028702dbc06e6a3c965d9f98101c8632 -r 4163748b0a93004b390e1e53952e2ebce30ec750 templates/webapps/community/repository/find_tools.mako --- a/templates/webapps/community/repository/find_tools.mako +++ b/templates/webapps/community/repository/find_tools.mako 
@@ -35,17 +35,17 @@ <form name="find_tools" id="find_tools" action="${h.url_for( controller='repository', action='find_tools' )}" method="post" ><div class="form-row"><label>Tool id:</label> - <input name="tool_id" type="textfield" value="${tool_id}" size="40"/> + <input name="tool_id" type="textfield" value="${tool_id | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool name:</label> - <input name="tool_name" type="textfield" value="${tool_name}" size="40"/> + <input name="tool_name" type="textfield" value="${tool_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool version:</label> - <input name="tool_version" type="textfield" value="${tool_version}" size="40"/> + <input name="tool_version" type="textfield" value="${tool_version | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> https://bitbucket.org/galaxy/galaxy-central/changeset/119b61fcc0f2/ changeset: 119b61fcc0f2 user: dan date: 2012-10-23 17:06:11 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/find_workflows.mako. affected #: 1 file diff -r 4163748b0a93004b390e1e53952e2ebce30ec750 -r 119b61fcc0f27eda4460a0a4debea1944bac1ba6 templates/webapps/community/repository/find_workflows.mako --- a/templates/webapps/community/repository/find_workflows.mako +++ b/templates/webapps/community/repository/find_workflows.mako 
@@ -34,7 +34,7 @@ <div style="clear: both"></div><div class="form-row"><label>Workflow name:</label> - <input name="workflow_name" type="textfield" value="${workflow_name}" size="40"/> + <input name="workflow_name" type="textfield" value="${workflow_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> https://bitbucket.org/galaxy/galaxy-central/changeset/c5c5b77e7beb/ changeset: c5c5b77e7beb user: dan date: 2012-10-23 17:06:11 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/manage_repository.mako. affected #: 1 file diff -r 119b61fcc0f27eda4460a0a4debea1944bac1ba6 -r c5c5b77e7bebb2587f1567385d58338fec604513 templates/webapps/community/repository/manage_repository.mako --- a/templates/webapps/community/repository/manage_repository.mako +++ b/templates/webapps/community/repository/manage_repository.mako @@ -82,7 +82,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> 
@@ -137,7 +137,7 @@ <p/> %endif <div class="toolForm"> - <div class="toolFormTitle">Repository '${repository.name}'</div> + <div class="toolFormTitle">Repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_repository" id="edit_repository" action="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ) )}" method="post" > %if can_download: @@ -151,7 +151,7 @@ %if repository.times_downloaded > 0: ${repository.name} %else: - <input name="repo_name" type="textfield" value="${repository.name}" size="40"/> + <input name="repo_name" type="textfield" value="${repository.name | h}" size="40"/> %endif <div class="toolParamHelp" style="clear: both;"> Repository names cannot be changed if the repository has been cloned. @@ -160,13 +160,13 @@ </div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif 
@@ -175,27 +175,27 @@ <div class="form-row"><label>Revision:</label> %if can_view_change_log: - <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> + <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label | h}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> - ${repository.times_downloaded} + ${repository.times_downloaded | h} </div> %if is_admin: <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> - ${repository.deleted} + ${repository.deleted | h} </div> %endif <div class="form-row"> @@ -215,9 +215,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> 
@@ -258,14 +258,14 @@ <div class="toolFormBody"><table class="grid"><tr> - <td>${repository.user.username}</td> + <td>${repository.user.username | h}</td><td>owner</td><td> </td></tr> %for username in current_allow_push_list: %if username != repository.user.username: <tr> - <td>${username}</td> + <td>${username | h}</td><td>write</td><td><a class="action-button" href="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ), user_access_button='Remove', remove_auth=username )}">remove</a></tr> @@ -295,7 +295,7 @@ <div class="toolFormBody"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -329,9 +329,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/645953b633e2/ changeset: 645953b633e2 user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/preview_tools_in_changeset.mako. affected #: 1 file diff -r c5c5b77e7bebb2587f1567385d58338fec604513 -r 645953b633e220d76128b4c68172549cd07d6dc8 templates/webapps/community/repository/preview_tools_in_changeset.mako --- a/templates/webapps/community/repository/preview_tools_in_changeset.mako +++ b/templates/webapps/community/repository/preview_tools_in_changeset.mako 
@@ -53,7 +53,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Repository ${repository.name}</div> + <div class="toolFormTitle">Repository ${repository.name | h}</div><div class="toolFormBody"> %if len( changeset_revision_select_field.options ) > 1: <form name="change_revision" id="change_revision" action="${h.url_for( controller='repository', action='preview_tools_in_changeset', repository_id=trans.security.encode_id( repository.id ) )}" method="post" > @@ -64,7 +64,7 @@ else: tip_str = '' %> - ${changeset_revision_select_field.get_html()} <i>${tip_str}</i> + ${changeset_revision_select_field.get_html()} <i>${tip_str | h}</i><div class="toolParamHelp" style="clear: both;"> Select a revision to inspect and download versions of tools from this repository. </div> @@ -73,7 +73,7 @@ %else: <div class="form-row"><label>Revision:</label> - ${revision_label} + ${revision_label | h} </div> %endif </div> https://bitbucket.org/galaxy/galaxy-central/changeset/967d90f0fd7f/ changeset: 967d90f0fd7f user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/rate_repository.mako. affected #: 1 file diff -r 645953b633e220d76128b4c68172549cd07d6dc8 -r 967d90f0fd7fe97acd0e636f1df99a0851e29527 templates/webapps/community/repository/rate_repository.mako --- a/templates/webapps/community/repository/rate_repository.mako +++ b/templates/webapps/community/repository/rate_repository.mako 
@@ -91,7 +91,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -107,7 +107,7 @@ %if repository.user != trans.user: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -117,17 +117,17 @@ <div class="toolFormBody"><div class="form-row"><label>Description:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"><label>Version:</label> - ${repository.revision} + ${repository.revision | h} <div style="clear: both"></div></div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div></div> @@ -139,7 +139,7 @@ <form id="rate_repository" name="rate_repository" action="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}" method="post"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> 
@@ -162,7 +162,7 @@ <label>Review:</label> %if rra and rra.comment: <div class="form-row-input"> - <pre><textarea name="comment" rows="5" cols="80">${rra.comment}</textarea></pre> + <pre><textarea name="comment" rows="5" cols="80">${rra.comment | h}</textarea></pre></div> %else: <div class="form-row-input"> @@ -202,9 +202,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/fdab5aaf2c7b/ changeset: fdab5aaf2c7b user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/tool_form.mako. affected #: 1 file diff -r 967d90f0fd7fe97acd0e636f1df99a0851e29527 -r fdab5aaf2c7be522c8dbabcea2d9d8e89710c925 templates/webapps/community/repository/tool_form.mako --- a/templates/webapps/community/repository/tool_form.mako +++ b/templates/webapps/community/repository/tool_form.mako 
@@ -177,8 +177,8 @@ %endif %if tool: - <div class="toolForm" id="${tool.id}"> - <div class="toolFormTitle">${tool.name} (version ${tool.version})</div> + <div class="toolForm" id="${tool.id | h}"> + <div class="toolFormTitle">${tool.name | h} (version ${tool.version | h})</div><div class="toolFormBody"><form id="tool_form" name="tool_form" action="" method="get"><input type="hidden" name="tool_state" value="${util.object_to_string( tool_state.encode( tool, app ) )}"> https://bitbucket.org/galaxy/galaxy-central/changeset/364d8ba060c0/ changeset: 364d8ba060c0 user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/upload.mako. affected #: 1 file diff -r fdab5aaf2c7be522c8dbabcea2d9d8e89710c925 -r 364d8ba060c0cd039071842b7b4a1a78db6389ff templates/webapps/community/repository/upload.mako --- a/templates/webapps/community/repository/upload.mako +++ b/templates/webapps/community/repository/upload.mako @@ -82,7 +82,7 @@ <div class="form-row"><label>Url:</label><div class="form-row-input"> - <input name="url" type="textfield" value="${url}" size="40"/> + <input name="url" type="textfield" value="${url | h}" size="40"/></div><div class="toolParamHelp" style="clear: both;"> Enter a URL to upload your files via http. 
@@ -141,7 +141,7 @@ <label>Change set commit message:</label><div class="form-row-input"> %if commit_message: - <pre><textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea></pre> + <pre><textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea></pre> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/7a9b86fd9eaf/ changeset: 7a9b86fd9eaf user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_changelog.mako. affected #: 1 file diff -r 364d8ba060c0cd039071842b7b4a1a78db6389ff -r 7a9b86fd9eaf16ed57b75d771f86bc26e775945e templates/webapps/community/repository/view_changelog.mako --- a/templates/webapps/community/repository/view_changelog.mako +++ b/templates/webapps/community/repository/view_changelog.mako @@ -78,7 +78,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -95,7 +95,7 @@ else: title_str = '%s changesets' % repository.name %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><% test_date = None %><div class="toolFormBody"><table class="grid"> 
@@ -128,23 +128,23 @@ %endif <div class="form-row"><label>Description:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ]}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ] | h}</a></div><div class="form-row"><label>Commit:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str | h}</a></div><div class="form-row"><label>Parent:</label> %if ctx_parent_str == 'None': ${ctx_parent_str} %else: - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str | h}</a> %endif </div><div class="form-row"><label>Commited by:</label> - ${changeset[ 'user' ].split()[0]} + ${changeset[ 'user' ].split()[0] | h} </div><div class="form-row"><label>Pushed:</label> https://bitbucket.org/galaxy/galaxy-central/changeset/3740010dbe9e/ changeset: 3740010dbe9e user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_changeset.mako. affected #: 1 file diff -r 7a9b86fd9eaf16ed57b75d771f86bc26e775945e -r 3740010dbe9eb5ae14cbee1ea0458b35e887eef2 templates/webapps/community/repository/view_changeset.mako --- a/templates/webapps/community/repository/view_changeset.mako +++ b/templates/webapps/community/repository/view_changeset.mako 
@@ -82,7 +82,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -99,7 +99,7 @@ else: title_str = '%s changeset %s' % ( repository.name, ctx ) %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><div class="toolFormBody"><table class="grid"> %if modified: @@ -107,7 +107,7 @@ <td><b>modified:</b> %for item in modified: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -117,7 +117,7 @@ <td><b>added:</b> %for item in added: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -127,7 +127,7 @@ <td><b>removed:</b> %for item in removed: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -137,7 +137,7 @@ <td><b>deleted:</b> %for item in deleted: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -147,7 +147,7 @@ <td><b>unknown:</b> %for item in unknown: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor }</td></tr> @@ -157,7 +157,7 @@ <td><b>ignored:</b> %for item in ignored: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -167,7 +167,7 @@ <td> clean: %for item in clean: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -177,7 +177,6 @@ # Read at most the first 10 lines of diff to determine the anchor ctr = 0 lines = diff.split( '\n' ) - diff = diff.replace( '\n', '<br/>' ) anchor_str = '' for line in lines: if ctr > 9: 
@@ -189,7 +188,7 @@ ctr += 1 %><tr><td bgcolor="#E0E0E0">${anchor_str}</td></tr> - <tr><td>${diff}</td></tr> + <tr><td>${ escape_html_add_breaks( diff ) }</td></tr> %endfor </table></div> https://bitbucket.org/galaxy/galaxy-central/changeset/2acad55c0d8b/ changeset: 2acad55c0d8b user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_repository.mako. affected #: 1 file diff -r 3740010dbe9eb5ae14cbee1ea0458b35e887eef2 -r 2acad55c0d8bb6d7c682298b591266be1cee27d0 templates/webapps/community/repository/view_repository.mako --- a/templates/webapps/community/repository/view_repository.mako +++ b/templates/webapps/community/repository/view_repository.mako @@ -143,12 +143,12 @@ %if can_browse_contents: <a href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${repository.name}</a> %else: - ${repository.name} + ${repository.name | h} %endif </div><div class="form-row"><label>Synopsis:</label> - ${repository.description} + ${repository.description | h} </div> %if repository.long_description: ${render_long_description( repository.long_description )} @@ -158,12 +158,12 @@ %if can_view_change_log: <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> @@ -172,7 +172,7 @@ %if trans.user_is_admin(): <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> 
@@ -189,7 +189,7 @@ <div class="toolFormBody"> %for rca in repository.categories: <div class="form-row"> - ${rca.category.name} + ${rca.category.name | h} </div> %endfor <div style="clear: both"></div> https://bitbucket.org/galaxy/galaxy-central/changeset/97ab217e3aac/ changeset: 97ab217e3aac user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_tool_metadata.mako. affected #: 1 file diff -r 2acad55c0d8bb6d7c682298b591266be1cee27d0 -r 97ab217e3aace89120d9f34d171790c371b73f1b templates/webapps/community/repository/view_tool_metadata.mako --- a/templates/webapps/community/repository/view_tool_metadata.mako +++ b/templates/webapps/community/repository/view_tool_metadata.mako @@ -140,35 +140,35 @@ %if 'description' in tool_metadata_dict: <div class="form-row"><label>Description:</label> - ${tool_metadata_dict[ 'description' ]} + ${tool_metadata_dict[ 'description' ] | h} <div style="clear: both"></div></div> %endif %if 'id' in tool_metadata_dict: <div class="form-row"><label>Id:</label> - ${tool_metadata_dict[ 'id' ]} + ${tool_metadata_dict[ 'id' ] | h} <div style="clear: both"></div></div> %endif %if 'guid' in tool_metadata_dict: <div class="form-row"><label>Guid:</label> - ${tool_metadata_dict[ 'guid' ]} + ${tool_metadata_dict[ 'guid' ] | h} <div style="clear: both"></div></div> %endif %if 'version' in tool_metadata_dict: <div class="form-row"><label>Version:</label> - ${tool_metadata_dict[ 'version' ]} + ${tool_metadata_dict[ 'version' ] | h} <div style="clear: both"></div></div> %endif %if 'version_string_cmd' in tool_metadata_dict: <div class="form-row"><label>Version command string:</label> - ${tool_metadata_dict[ 'version_string_cmd' ]} + ${tool_metadata_dict[ 'version_string_cmd' ] | h} <div style="clear: both"></div></div> %endif 
@@ -184,9 +184,9 @@ <tr><td> %if guid == tool_metadata_dict[ 'guid' ]: - ${guid} <b>(this tool)</b> + ${guid | h} <b>(this tool)</b> %else: - ${guid} + ${guid | h} %endif </td></tr> @@ -224,9 +224,9 @@ requirement_type = requirement_dict[ 'type' ] or 'not provided' %><tr> - <td>${requirement_name}</td> - <td>${requirement_version}</td> - <td>${requirement_type}</td> + <td>${requirement_name | h}</td> + <td>${requirement_version | h}</td> + <td>${requirement_type | h}</td></tr> %endfor </table> @@ -245,27 +245,27 @@ </div><div class="form-row"><label>Command:</label> - <pre>${tool.command}</pre> + <pre>${tool.command | h}</pre><div style="clear: both"></div></div><div class="form-row"><label>Interpreter:</label> - ${tool.interpreter} + ${tool.interpreter | h} <div style="clear: both"></div></div><div class="form-row"><label>Is multi-byte:</label> - ${tool.is_multi_byte} + ${tool.is_multi_byte | h} <div style="clear: both"></div></div><div class="form-row"><label>Forces a history refresh:</label> - ${tool.force_history_refresh} + ${tool.force_history_refresh | h} <div style="clear: both"></div></div><div class="form-row"><label>Parallelism:</label> - ${tool.parallelism} + ${tool.parallelism | h} <div style="clear: both"></div></div> %endif 
@@ -299,17 +299,17 @@ <td>${test_dict[ 'name' ]}</td><td> %for input in inputs: - <b>${input[0]}:</b> ${input[1]}<br/> + <b>${input[0]}:</b> ${input[1] | h}<br/> %endfor </td><td> %for output in outputs: - <b>${output[0]}:</b> ${output[1]}<br/> + <b>${output[0]}:</b> ${output[1] | h}<br/> %endfor </td><td> %for required_file in required_files: - ${required_file}<br/> + ${required_file | h}<br/> %endfor </td></tr> https://bitbucket.org/galaxy/galaxy-central/changeset/44ccf4eb910c/ changeset: 44ccf4eb910c user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_workflow.mako. affected #: 1 file diff -r 97ab217e3aace89120d9f34d171790c371b73f1b -r 44ccf4eb910ce9e9ac8638675f403a80930a38fc templates/webapps/community/repository/view_workflow.mako --- a/templates/webapps/community/repository/view_workflow.mako +++ b/templates/webapps/community/repository/view_workflow.mako @@ -96,7 +96,7 @@ ${render_msg( message, status )} %endif -<div class="toolFormTitle">${workflow_name}</div> +<div class="toolFormTitle">${workflow_name | h}</div><div class="form-row"><b>Boxes are red when tools are not available in this repository</b><div class="toolParamHelp" style="clear: both;"> https://bitbucket.org/galaxy/galaxy-central/changeset/3d7e5bbeaf8d/ changeset: 3d7e5bbeaf8d user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/browse_review.mako. affected #: 1 file diff -r 44ccf4eb910ce9e9ac8638675f403a80930a38fc -r 3d7e5bbeaf8d3e76a7857ce67e5540109fcf29ce templates/webapps/community/repository_review/browse_review.mako --- a/templates/webapps/community/repository_review/browse_review.mako +++ b/templates/webapps/community/repository_review/browse_review.mako 
@@ -34,7 +34,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Review of repository '${repository.name}'</div> + <div class="toolFormTitle">Review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Reviewer:</label> @@ -43,17 +43,17 @@ </div><div class="form-row"><label>Repository revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -70,11 +70,10 @@ # Initialize star rating. rating_name = '%s%srating' % ( component.name, STRSEP ) - review_comment = component_review.comment.replace( '\n', '<br/>' ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -93,7 +92,7 @@ <tr><td><div overflow-wrap:normal;overflow:hidden;word-break:keep-all;word-wrap:break-word;line-break:strict;> - ${review_comment} + ${ escape_html_add_breaks( component_review.comment ) } </div></td></tr> 
@@ -101,7 +100,7 @@ <tr><td><label>Approved:</label> - ${component_review.approved} + ${component_review.approved | h} <div style="clear: both"></div></td></tr> https://bitbucket.org/galaxy/galaxy-central/changeset/2d86b224395e/ changeset: 2d86b224395e user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/create_component.mako. affected #: 1 file diff -r 3d7e5bbeaf8d3e76a7857ce67e5540109fcf29ce -r 2d86b224395ea5a3efb847bb67b4bb8a893c70cb templates/webapps/community/repository_review/create_component.mako --- a/templates/webapps/community/repository_review/create_component.mako +++ b/templates/webapps/community/repository_review/create_component.mako @@ -20,11 +20,11 @@ <form name="create_component" id="create_component" action="${h.url_for( controller='repository_review', action='create_component' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_component_button" value="Save"/> https://bitbucket.org/galaxy/galaxy-central/changeset/afea7bdcd557/ changeset: afea7bdcd557 user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/edit_component.mako. affected #: 1 file diff -r 2d86b224395ea5a3efb847bb67b4bb8a893c70cb -r afea7bdcd55755c780f9226e4b12a55dbbbd8591 templates/webapps/community/repository_review/edit_component.mako --- a/templates/webapps/community/repository_review/edit_component.mako +++ b/templates/webapps/community/repository_review/edit_component.mako 
@@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${component.name} + ${component.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${component.description}" size=40"/> + <input name="description" type="textfield" value="${component.description | h}" size=40"/></div><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/87ce7c44d11c/ changeset: 87ce7c44d11c user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/edit_review.mako. affected #: 1 file diff -r afea7bdcd55755c780f9226e4b12a55dbbbd8591 -r 87ce7c44d11c1d1c874c4564f0acfd32304dd3a4 templates/webapps/community/repository_review/edit_review.mako --- a/templates/webapps/community/repository_review/edit_review.mako +++ b/templates/webapps/community/repository_review/edit_review.mako @@ -35,7 +35,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">My review of repository '${repository.name}'</div> + <div class="toolFormTitle">My review of repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_review" action="${h.url_for( controller='repository_review', action='edit_review', id=trans.security.encode_id( review.id ) )}" method="post" ><div class="form-row"> @@ -45,12 +45,12 @@ </div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> 
@@ -108,8 +108,8 @@ review_button_name = '%s%sreview_button' % ( component_name, STRSEP ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -128,7 +128,7 @@ <td><label>Comments:</label> %if component_review: - <pre><textarea name="${comment_name}" rows="3" cols="80">${comment}</textarea></pre> + <pre><textarea name="${comment_name}" rows="3" cols="80">${comment | h}</textarea></pre> %else: <textarea name="${comment_name}" rows="3" cols="80"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/a3b6a7ad9687/ changeset: a3b6a7ad9687 user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/reviews_of_changeset_revision.mako. affected #: 1 file diff -r 87ce7c44d11c1d1c874c4564f0acfd32304dd3a4 -r a3b6a7ad9687d84f950078ebd9a4e797aa5f337e templates/webapps/community/repository_review/reviews_of_changeset_revision.mako --- a/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako +++ b/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako 
@@ -73,16 +73,16 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Revision reviews of repository '${repository.name}'</div> + <div class="toolFormTitle">Revision reviews of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Revision is installable:</label> - ${installable_str} + ${installable_str | h} <div style="clear: both"></div></div><div class="form-row"> @@ -109,7 +109,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"> %if review.user == trans.user: 
@@ -126,7 +126,7 @@ <td><input type="submit" name="approve_repository_review_button" value="Save"/></td></form> %else: - <td>${approved_str}</td> + <td>${approved_str | h}</td><td></td> %endif </tr> https://bitbucket.org/galaxy/galaxy-central/changeset/887af9525287/ changeset: 887af9525287 user: dan date: 2012-10-23 17:06:27 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/reviews_of_repository.mako. affected #: 1 file diff -r a3b6a7ad9687d84f950078ebd9a4e797aa5f337e -r 887af9525287ea51e2286c9b00ce694cb68dd817 templates/webapps/community/repository_review/reviews_of_repository.mako --- a/templates/webapps/community/repository_review/reviews_of_repository.mako +++ b/templates/webapps/community/repository_review/reviews_of_repository.mako @@ -55,7 +55,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -68,7 +68,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">${title}</div> + <div class="toolFormTitle">${title | h}</div><div class="toolFormBody"><div class="form-row"><table class="grid"> 
@@ -102,7 +102,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${changeset_revision}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a></div><div popupmenu="${changeset_revision}-popup"> %if repository_reviews: @@ -113,7 +113,7 @@ </div></td><td>${reviewers_str}</td> - <td>${installable_str}</td> + <td>${installable_str | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/92237db0cd58/ changeset: 92237db0cd58 user: dan date: 2012-10-23 17:06:27 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/select_previous_review.mako. affected #: 1 file diff -r 887af9525287ea51e2286c9b00ce694cb68dd817 -r 92237db0cd58f97a24787d451ab5a4d9738452bd templates/webapps/community/repository_review/select_previous_review.mako --- a/templates/webapps/community/repository_review/select_previous_review.mako +++ b/templates/webapps/community/repository_review/select_previous_review.mako 
@@ -67,23 +67,23 @@ %endif <div class="warningmessage"> - You have elected to create a new review for revision <b>${changeset_revision_label}</b>of this repository. Since previous revisions have been reviewed, + You have elected to create a new review for revision <b>${changeset_revision_label | h}</b>of this repository. Since previous revisions have been reviewed, you can select a previous review to copy to your new review, or click the <b>Create a review without copying</b> button. </div><div class="toolForm"> - <div class="toolFormTitle">Select previous revision review of repository '${repository.name}'</div> + <div class="toolFormTitle">Select previous revision review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision for new review:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><table class="grid"><tr></tr> - <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name}' that can be copied to your new review</b></td> + <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name | h}' that can be copied to your new review</b></td><tr><th>Reviewer</th><th>Revision reviewed</th> 
@@ -107,15 +107,15 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"><a class="action-button" href="${h.url_for( controller='repository_review', action='create_review', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, previous_review_id=encoded_review_id )}">Copy this review</a></div></td> - <td>${previous_changeset_revision_label}</td> + <td>${previous_changeset_revision_label | h}</td><td>${render_star_rating( repository_rating_name, review.rating, disabled=True )}</td> - <td>${approved_str}</td> + <td>${approved_str | h}</td></tr> %endfor %endfor https://bitbucket.org/galaxy/galaxy-central/changeset/fba4cbb570ae/ changeset: fba4cbb570ae user: dan date: 2012-10-23 17:06:28 summary: HTML escape values that could be set by the user in templates/webapps/community/user/manage_email_alerts.mako. affected #: 1 file diff -r 92237db0cd58f97a24787d451ab5a4d9738452bd -r fba4cbb570ae95874383509edeaa6b5e955f8782 templates/webapps/community/user/manage_email_alerts.mako --- a/templates/webapps/community/user/manage_email_alerts.mako +++ b/templates/webapps/community/user/manage_email_alerts.mako @@ -42,8 +42,8 @@ </tr> %for repository in email_alert_repositories: <tr> - <td>${repository.name}</td> - <td>${repository.description}</td> + <td>${repository.name | h}</td> + <td>${repository.description | h}</td></tr> %endfor </table> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
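Review bot: in view_changeset.mako, the seven file-list hunks (modified, added, removed, deleted, unknown, ignored, clean; -107,7 through -167,7) escape only the link text, while the href="#${item}" attribute on the same changed line still interpolates item raw. The attribute value needs the same filter as the text, i.e. <a href="#${item | h}">${item | h}</a>. The unknown hunk (-147,7) also carries a stray } after %endfor in its trailing context that is worth removing while the file is open.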
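Review bot: in view_changeset.mako hunk -189,7 +188,7, the row directly above the changed line still emits ${anchor_str} unescaped. The preceding hunk (-177,7) shows anchor_str being built from the first lines of diff, the same value this hunk now routes through escape_html_add_breaks, so it should get ${anchor_str | h}. The visible hunks also do not show how escape_html_add_breaks is made available in this template; confirm the file imports or inherits the def, otherwise rendering fails at this line.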
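Review bot: in view_repository.mako hunks -143,12 and -158,12, only the %else: branches are escaped. The %if can_browse_contents: branch still renders ${repository.name} as link text and the %if can_view_change_log: branch still renders ${revision_label}, so the same values reach the page unescaped for users who have those permissions. Add | h to both link texts so the two branches behave the same.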
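Review bot: in view_tool_metadata.mako hunk -299,17, the changed lines escape input[1] and output[1] but leave the labels ${input[0]} and ${output[0]} raw on the same lines, and ${test_dict[ 'name' ]} in the leading context is also unfiltered. If names and values come from the same test definition they should be treated alike, e.g. <b>${input[0] | h}:</b> ${input[1] | h}<br/>.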
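Review bot: in create_component.mako hunk -20,11, and on the description input in edit_component.mako hunk -12,14, the rewritten lines keep size=40"/>, which has a closing quote with no opening one. Since these lines are being touched to make the value attribute safe, fix the neighbouring attribute as well so the element parses unambiguously: size="40", as the url input in upload.mako already has it.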
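Review bot: in edit_review.mako hunk -128,7, name="${comment_name}" stays unescaped on the changed textarea line and on the %else: line below it. The previous hunk (-108,8) builds review_button_name from component_name; if comment_name is formed the same way, it carries the component name that this commit escapes in the table cells above. Suggest name="${comment_name | h}" on both textareas.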
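Review bot: in reviews_of_repository.mako hunk -113,7, <td>${reviewers_str}</td> sits one line above the newly escaped installable_str and is left raw. The hunk does not show how reviewers_str is assembled; if it is plain text built from usernames it needs | h, and if it intentionally contains markup, the usernames inside it must be escaped where the string is built and a comment here should say so.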
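Review bot: in browse_review.mako hunk -93,7 +92,7, the div wrapping the new ${ escape_html_add_breaks( component_review.comment ) } call lists its CSS declarations as bare attributes (<div overflow-wrap:normal;overflow:hidden;...>) with no style="...", so none of the wrapping rules apply to the comment. This is pre-existing context, but it is worth correcting in the same change. As in view_changeset.mako, the hunks do not show where escape_html_add_breaks comes from in this template; confirm the def is imported here.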