[galaxy-commits] commit/galaxy-central: jmchilton: Sanitize object names throughout templates.

25 Nov 2014

1 new commit in galaxy-central:

https://bitbucket.org/galaxy/galaxy-central/commits/adc4aa8b3d9a/
Changeset:   adc4aa8b3d9a
Branch:      stable
User:        jmchilton
Date:        2014-11-24 15:06:11+00:00
Summary:     Sanitize object names throughout templates.
Affected #:  7 files

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/display_base.mako

--- a/templates/display_base.mako
+++ b/templates/display_base.mako
@@ -214,7 +214,7 @@
             %else:
                 Private ${get_class_display_name( item.__class__ )}
             %endif
-            | ${get_item_name( item )}
+            | ${get_item_name( item ) | h}
             
             <div style="float: right">
                 ${self.render_item_links( item )}

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/embed_base.mako
--- a/templates/embed_base.mako
+++ b/templates/embed_base.mako
@@ -49,7 +49,7 @@
     <div style="float: right;">
         ${self.render_item_links( item )}
     </div>
-    <h4><a class="toggle-embed" href="${display_href}" title="Show or hide ${item_display_name} content">Galaxy ${get_class_display_name( item.__class__ )} | ${get_item_name( item )}</a></h4>
+    <h4><a class="toggle-embed" href="${display_href}" title="Show or hide ${item_display_name} content">Galaxy ${get_class_display_name( item.__class__ )} | ${get_item_name( item ) | h}</a></h4>
     %if hasattr( item, "annotation") and item.annotation:
         <div class="annotation">${item.annotation}</div>
     %endif

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/export_base.mako
--- a/templates/export_base.mako
+++ b/templates/export_base.mako
@@ -42,7 +42,7 @@
 </%def><%def name="title()">
-    Export ${get_class_display_name( item.__class__ )} '${get_item_name( item )}'
+    Export ${get_class_display_name( item.__class__ )} '${get_item_name( item ) | h}'
 </%def><%def name="stylesheets()">
@@ -108,7 +108,7 @@
     <%
         item_name = get_item_name(item)
     %>
-    <h2>Download or Export ${self.item_class_name} '${item_name}'</h2>
+    <h2>Download or Export ${self.item_class_name} '${item_name | h}'</h2>
     
     ${self.render_download_to_file(item)}
     

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/ind_share_base.mako
--- a/templates/ind_share_base.mako
+++ b/templates/ind_share_base.mako
@@ -83,7 +83,7 @@
     %><div class="toolForm">
-        <div class="toolFormTitle">Share ${item_class_name} '${item_name}' with Another User</div>
+        <div class="toolFormTitle">Share ${item_class_name} '${item_name | h}' with Another User</div><div class="toolFormBody"><form action="${h.url_for(controller=item_controller, action='share', id=trans.security.encode_id( item.id ) )}" method="POST"><div class="form-row">

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/sharing_base.mako
--- a/templates/sharing_base.mako
+++ b/templates/sharing_base.mako
@@ -35,7 +35,7 @@
 </%def><%def name="title()">
-    Sharing and Publishing ${get_class_display_name( item.__class__ )} '${get_item_name( item )}'
+    Sharing and Publishing ${get_class_display_name( item.__class__ )} '${get_item_name( item ) | h}'
 </%def><%def name="javascripts()">
@@ -122,7 +122,7 @@
         item_name = get_item_name(item)
     %>
 
-    <h2>Share or Publish ${item_class_name} '${item_name}'</h2>
+    <h2>Share or Publish ${item_class_name} '${item_name | h}'</h2>
 
     ## Require that user have a public username before sharing or publishing an item.
     %if trans.get_user().username is None or trans.get_user().username is "":

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/webapps/galaxy/history/embed.mako
--- a/templates/webapps/galaxy/history/embed.mako
+++ b/templates/webapps/galaxy/history/embed.mako
@@ -20,7 +20,7 @@
         </div><h4><a class="toggle-embed" href="${display_href}" title="Show or hide history contents">
-                Galaxy History | ${get_item_name( item )}
+                Galaxy History | ${get_item_name( item ) | h}
             </a></h4>
         %if hasattr( item, "annotation") and item.annotation:

diff -r cae8a513079a183d16bd8a16b915d6aa5322a249 -r adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 templates/webapps/galaxy/mobile/history/list.mako
--- a/templates/webapps/galaxy/mobile/history/list.mako
+++ b/templates/webapps/galaxy/mobile/history/list.mako
@@ -20,7 +20,7 @@
                         <li><a href="${h.url_for(controller='mobile', action="history_detail", id=history.id )}">
-                                ${history.name}
+                                ${history.name | h}
                             
                             <div class="secondary">${h.date.distance_of_time_in_words( history.update_time, h.date.datetime.utcnow() )} ago</div>

Repository URL: https://bitbucket.org/galaxy/galaxy-central/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.

    

[galaxy-commits] commit/galaxy-central: jmchilton: Sanitize object names throughout templates.

commits-noreply＠bitbucket.org