commit/galaxy-central: 2 new changesets
2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/795336f22d8b/ Changeset: 795336f22d8b Branch: mako_escape_requests User: martenson Date: 2014-12-01 22:38:24+00:00 Summary: none of the requests & forms controllers used escaping so I escaped the variables exclusively in the templates Affected #: 18 files diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/forms/create_form.mako --- a/templates/admin/forms/create_form.mako +++ b/templates/admin/forms/create_form.mako @@ -9,7 +9,7 @@ <div class="toolFormTitle">Create a new form definition</div> %for label, input in inputs: <div class="form-row"> - <label>${label}</label> + <label>${label | h}</label> ${input.get_html()} <div style="clear: both"></div></div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/forms/edit_form_definition.mako --- a/templates/admin/forms/edit_form_definition.mako +++ b/templates/admin/forms/edit_form_definition.mako 
@@ -96,14 +96,14 @@ <form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div> + <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div> %if response_redirect: <input type="hidden" name="response_redirect" value="${response_redirect}" size="40" /> %endif %for label, input in form_details: <div class="form-row"> %if label != 'Type': - <label>${label}</label> + <label>${label | h}</label> %endif <div style="float: left; width: 250px; margin-right: 10px;"> ${input.get_html()} diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/common.mako --- a/templates/admin/request_type/common.mako +++ b/templates/admin/request_type/common.mako @@ -2,7 +2,7 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/> + <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/> ## Do not show remove button for the first state %if element_count > 0: <input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/> @@ -10,7 +10,7 @@ </div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/> + <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/create_request_type.mako 
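Review bot: In the `edit_form_definition.mako` hunk (@@ -96,14), the hidden field `value="${response_redirect}"` is still emitted without a filter, two lines below the title this change escapes. The name suggests a redirect target carried over from the request, though the controller is not visible here; if so, a double quote in it closes the attribute. Suggest `value="${response_redirect | h}"`. The same unescaped line appears again in the merge changeset 172f91ec31ef. It is also worth confirming that the controller restricts the target to local URLs, since escaping does not constrain where the redirect leads.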
--- a/templates/admin/request_type/create_request_type.mako +++ b/templates/admin/request_type/create_request_type.mako @@ -23,7 +23,7 @@ <div class="toolFormTitle">Create a new request type</div> %for rt_info in rt_info_widgets: <div class="form-row"> - <label>${rt_info['label']}</label> + <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;"> ${rt_info['widget'].get_html()} </div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/edit_request_type.mako --- a/templates/admin/request_type/edit_request_type.mako +++ b/templates/admin/request_type/edit_request_type.mako 
@@ -32,26 +32,26 @@ <form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">"Edit ${request_type.name}" request type</div> + <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - <input type="text" name="name" value="${request_type.name}" size="40"/> + <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - <input type="text" name="desc" value="${request_type.desc}" size="40"/> + <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" 
name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div> @@ -63,11 +63,11 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/> + <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/> + <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/request_type_permissions.mako --- a/templates/admin/request_type/request_type_permissions.mako +++ b/templates/admin/request_type/request_type_permissions.mako @@ -48,7 +48,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div> + <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row"> 
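Review bot: In the `edit_request_type.mako` hunk (@@ -32,26), the new Name input reads `value="${request_type.name | }"`, so the filter after the pipe is empty and the `h` was dropped. Depending on how Mako treats an empty filter list, this either fails to compile or renders the name unescaped. Either way the attribute is not protected the way the neighbouring `desc` field is. It should be `value="${request_type.name | h}"`. The enclosing form opens in this hunk and is not closed within it.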
@@ -65,13 +65,13 @@ in_roles.add( a.role ) out_roles = filter( lambda x: x not in in_roles, all_roles ) %> - ${action.description}<br/><br/> + ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;"> Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in in_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div> @@ -80,7 +80,7 @@ Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in out_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/view_request_type.mako --- a/templates/admin/request_type/view_request_type.mako +++ b/templates/admin/request_type/view_request_type.mako 
@@ -30,24 +30,24 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">"${request_type.name}" request type</div> + <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - ${request_type.name} + ${request_type.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${request_type.desc} + ${request_type.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/> @@ -55,8 +55,8 @@ <div class="toolFormTitle">Sample states defined for this request type</div> %for state in request_type.states: <div class="form-row"> - <label>${state.name}</label> - ${state.desc} + <label>${state.name | h}</label> + ${state.desc | h} </div><div style="clear: both"></div> %endfor 
@@ -67,8 +67,8 @@ %if request_type.external_services: %for index, external_service in enumerate( request_type.external_services ): <div class="form-row"> - <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label> - ${external_service.get_external_service_type( trans ).name} + <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label> + ${external_service.get_external_service_type( trans ).name | h} </div> %endfor %else: diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/reject.mako --- a/templates/admin/requests/reject.mako +++ b/templates/admin/requests/reject.mako @@ -15,7 +15,7 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">Reject sequencing request "${request.name}"</div> + <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row"> Rejecting this request will move the request state to <b>Rejected</b>. diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/rename_datasets.mako --- a/templates/admin/requests/rename_datasets.mako +++ b/templates/admin/requests/rename_datasets.mako 
@@ -3,7 +3,7 @@ <% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %> -<h3>Rename datasets for Sample "${sample.name}"</h3> +<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li> @@ -35,7 +35,7 @@ ${rename_datasets_for_sample_select_field.get_html()} </td><td> - <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/> + <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/view_sample_dataset.mako --- a/templates/admin/requests/view_sample_dataset.mako +++ b/templates/admin/requests/view_sample_dataset.mako 
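Review bot: Several expressions sitting next to the newly escaped ones are still emitted raw: `<td>${sample_dataset.file_path}</td>` in `rename_datasets.mako` (@@ -35,7), `Type: ${sample.request.type.name} | State: ${sample.request.state}` on the changed line in `find_samples.mako` (@@ -85,10), and `<label>${field_label}:</label>` in `view_request.mako` (@@ -94,7). Request type names and form labels are escaped elsewhere in this same commit, so these look like oversights rather than values known to be safe. Each needs the filter, e.g. `${sample.request.type.name | h}`. Opt-in escaping is easy to miss one expression at a time. Setting `default_filters=['h']` on the template lookup and marking deliberate HTML such as `${input.get_html()}` with `| n` would make escaping the default.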
@@ -21,19 +21,19 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">"${sample.name}" Dataset</div> + <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.name} + ${sample_dataset.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name}) + ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h}) </div><div style="clear: both"></div></div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/common.mako --- a/templates/webapps/galaxy/requests/common/common.mako +++ b/templates/webapps/galaxy/requests/common/common.mako 
@@ -257,18 +257,18 @@ <td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td> %endif <td valign="top"> - <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;"> - <i>${' (required)' }</i> + <i>(required)</i></div></td> %if display_bar_code: <td valign="top"> %if is_admin and is_submitted: - <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/> %else: - ${sample_widget['bar_code']} - <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/> + ${sample_widget['bar_code'] | h} + <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/> %endif </td> %endif @@ -416,7 +416,7 @@ transferred_dataset_files = [] %><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup"> - <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a> + <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup"> %if can_select_datasets: 
@@ -439,11 +439,11 @@ %endif </div> %else: - ${sample_widget_name} + ${sample_widget_name | h} %endif </td> %if display_bar_code: - <td>${sample_widget_bar_code}</td> + <td>${sample_widget_bar_code | h}</td> %endif %if is_unsubmitted: <td>Unsubmitted</td> @@ -451,12 +451,12 @@ <td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td> %endif %if sample_widget_library and library_cntrller is not None: - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td> %else: <td></td> %endif %if sample_widget_folder: - <td>${sample_widget_folder.name}</td> + <td>${sample_widget_folder.name | h}</td> %else: <td></td> %endif @@ -464,11 +464,11 @@ %if trans.user == sample_widget_history.user: <td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}"> - ${sample_widget_history.name} + ${sample_widget_history.name | h} </a></td> %else: - <td>${sample_widget_history.name}</td> + <td>${sample_widget_history.name | h}</td> %endif %else: <td></td> 
@@ -477,11 +477,11 @@ %if trans.user == sample_widget_workflow.stored_workflow.user: <td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}"> - ${sample_widget_workflow.name} + ${sample_widget_workflow.name | h} </a></td> %else: - <td>${sample_widget_workflow.name}</td> + <td>${sample_widget_workflow.name | h}</td> %endif %else: <td></td> @@ -519,7 +519,7 @@ <%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr> - <td>${sample_name}</td> + <td>${sample_name | h}</td> %for field_index, field in fields_dict.items(): <% field_type = field[ 'type' ] @@ -532,17 +532,17 @@ %if field_type == 'WorkflowField': %if str( field_value ) != 'none': <% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %> - <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a> + <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a> %endif %else: - ${field_value} + ${field_value | h} %endif %else: <i>None</i> %endif %else: %if field_type == 'TextField': - <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/> + <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/> %elif field_type == 'SelectField': <select name="sample_${index}_field_${field_index}" last_selected_value="2"> %for option_index, option in enumerate(field[ 'selectlist' ]): 
@@ -695,7 +695,7 @@ %if is_admin: <span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup"> - <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a> + <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup"> @@ -704,12 +704,12 @@ %endif </div> %else: - ${dataset.name} + ${dataset.name | h} %endif </td><td>${dataset.size}</td> - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td> - <td>${dataset.sample.folder.name}</td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td> + <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr> %endfor @@ -723,7 +723,7 @@ <%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)"> %if request.is_rejected: <div class='errormessage'> - ${request.last_comment} + ${request.last_comment | h} </div><br/> %endif %if is_admin and is_submitted and request.samples_without_library_destinations: diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/create_request.mako --- a/templates/webapps/galaxy/requests/common/create_request.mako +++ b/templates/webapps/galaxy/requests/common/create_request.mako 
@@ -23,7 +23,7 @@ <div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div> %if len( request_type_select_field.options ) < 1: - There are no request types available for ${trans.user.email} to create sequencing requests. + There are no request types available for ${trans.user.email | h} to create sequencing requests. %else: <div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" > diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako --- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako +++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako @@ -31,7 +31,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Edit sequencing request "${request.name}"</div> + <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" > %for i, field in enumerate( widgets ): 
@@ -70,11 +70,11 @@ %><div class="form-row"><label>Send to:</label> - <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true"> + <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label> - <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea> + <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;"> Enter one email address per line </div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/find_samples.mako --- a/templates/webapps/galaxy/requests/common/find_samples.mako +++ b/templates/webapps/galaxy/requests/common/find_samples.mako @@ -72,7 +72,7 @@ %if samples: %for sample in samples: <div class="form-row"> - Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/> + Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/> %if sample.request.is_new or not sample.state: State: Unsubmitted<br/> %else: 
@@ -85,10 +85,10 @@ %> Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/> %if is_admin: - <i>User: ${sample.request.user.email}</i> + <i>User: ${sample.request.user.email | h}</i> %endif <div class="toolParamHelp" style="clear: both;"> - <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a> + <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_request.mako --- a/templates/webapps/galaxy/requests/common/view_request.mako +++ b/templates/webapps/galaxy/requests/common/view_request.mako @@ -58,7 +58,7 @@ ${render_samples_messages(request, is_admin, is_submitted, message, status)} <div class="toolForm"> - <div class="toolFormTitle">Sequencing request "${request.name}"</div> + <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label> @@ -67,12 +67,12 @@ </div><div class="form-row"><label>Description:</label> - ${request.desc} + ${request.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>User:</label> - ${request.user.email} + ${request.user.email | h} <div style="clear: both"></div></div><div class="form-row"> 
@@ -94,7 +94,7 @@ %><div class="form-row"><label>${field_label}:</label> - ${field_value} + ${field_value | h} </div><div style="clear: both"></div> %endfor @@ -116,7 +116,7 @@ else: emails = '' %> - ${emails} + ${emails | h} <div style="clear: both"></div></div><div class="form-row"> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_request_history.mako --- a/templates/webapps/galaxy/requests/common/view_request_history.mako +++ b/templates/webapps/galaxy/requests/common/view_request_history.mako @@ -36,7 +36,7 @@ ${render_msg( message, status )} %endif -<h3>History of sequencing request "${request.name}"</h3> +<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid"> @@ -52,7 +52,7 @@ <tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_sample.mako --- a/templates/webapps/galaxy/requests/common/view_sample.mako +++ b/templates/webapps/galaxy/requests/common/view_sample.mako @@ -6,7 +6,7 @@ %if external_service: <p><div class="toolForm"> - <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div> + <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu"> %for item in external_service.actions: @@ -25,7 +25,7 @@ <div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle"> - <span>${external_service_group.label}</span> + <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg"> 
@@ -54,7 +54,7 @@ target = 'galaxy_main' %><div class="toolTitle"> - <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a> + <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def> @@ -75,38 +75,38 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Sample "${sample.name}"</div> + <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label> - ${sample.name} + ${sample.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${sample.desc} + ${sample.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label> - ${sample.bar_code} + ${sample.bar_code | h} <div style="clear: both"></div></div> %if sample.library: <div class="form-row"><label>Library:</label> - ${sample.library.name} + ${sample.library.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Folder:</label> - ${sample.folder.name} + ${sample.folder.name | h} <div style="clear: both"></div></div> %endif <div class="form-row"><label>Request:</label> - ${sample.request.name} + ${sample.request.name | h} <div style="clear: both"></div></div></div> diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_sample_history.mako --- a/templates/webapps/galaxy/requests/common/view_sample_history.mako +++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako @@ -12,7 +12,7 @@ ${render_msg( message, status )} %endif -<h3>History of sample "${sample.name}"</h3> +<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid"> 
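Review bot: In `view_sample.mako` (@@ -54,7) the link label is now escaped, but `href="${external_service_action.get_action_access_link( trans )}"` is still written raw into the attribute. If that link is built from external-service configuration (not visible here), it needs attribute escaping and a check that the scheme is http or https, because `| h` alone does not neutralise a non-http scheme. At minimum use `href="${external_service_action.get_action_access_link( trans ) | h}"`, with scheme validation done inside `get_action_access_link`. The enclosing `<%def>` begins outside the hunk.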
@@ -27,10 +27,10 @@ <tbody> %for event in sample.events: <tr> - <td><b>${event.state.name}</b></td> - <td>${event.state.desc}</td> + <td><b>${event.state.name | h}</b></td> + <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> https://bitbucket.org/galaxy/galaxy-central/commits/172f91ec31ef/ Changeset: 172f91ec31ef Branch: next-stable User: martenson Date: 2014-12-03 17:01:23+00:00 Summary: Merged in martenson/galaxy-central-marten/mako_escape_requests (pull request #579) [next-stable] escaping of the templates in the 'requests' and 'forms' sections Affected #: 18 files diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/create_form.mako --- a/templates/admin/forms/create_form.mako +++ b/templates/admin/forms/create_form.mako @@ -9,7 +9,7 @@ <div class="toolFormTitle">Create a new form definition</div> %for label, input in inputs: <div class="form-row"> - <label>${label}</label> + <label>${label | h}</label> ${input.get_html()} <div style="clear: both"></div></div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/edit_form_definition.mako --- a/templates/admin/forms/edit_form_definition.mako +++ b/templates/admin/forms/edit_form_definition.mako 
@@ -96,14 +96,14 @@ <form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div> + <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div> %if response_redirect: <input type="hidden" name="response_redirect" value="${response_redirect}" size="40" /> %endif %for label, input in form_details: <div class="form-row"> %if label != 'Type': - <label>${label}</label> + <label>${label | h}</label> %endif <div style="float: left; width: 250px; margin-right: 10px;"> ${input.get_html()} diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/common.mako --- a/templates/admin/request_type/common.mako +++ b/templates/admin/request_type/common.mako @@ -2,7 +2,7 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/> + <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/> ## Do not show remove button for the first state %if element_count > 0: <input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/> @@ -10,7 +10,7 @@ </div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/> + <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/create_request_type.mako 
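Review bot: The hidden `response_redirect` field kept as context in this hunk still renders `value="${response_redirect}"` without a filter, while the title and labels around it now use `| h`. Where the value comes from is not visible here, but if it is taken from the request it should be escaped in the attribute too: `value="${response_redirect | h}"`. Separately from the escaping, the controller that consumes this field should check that it names a local path before redirecting to it.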
--- a/templates/admin/request_type/create_request_type.mako +++ b/templates/admin/request_type/create_request_type.mako @@ -23,7 +23,7 @@ <div class="toolFormTitle">Create a new request type</div> %for rt_info in rt_info_widgets: <div class="form-row"> - <label>${rt_info['label']}</label> + <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;"> ${rt_info['widget'].get_html()} </div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/edit_request_type.mako --- a/templates/admin/request_type/edit_request_type.mako +++ b/templates/admin/request_type/edit_request_type.mako 
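Review bot: `${rt_info['widget'].get_html()}`, two lines below the newly escaped label, is still emitted as raw HTML. It has to be, so any stored value the widget renders is only as safe as `get_html()` makes it. That method is not part of this diff; since the change touches only templates, it is worth confirming that the widget escapes its own value and option text. A template comment such as `## get_html() returns markup; values must be escaped inside the widget` would record that assumption next to the call.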
@@ -32,26 +32,26 @@ <form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">"Edit ${request_type.name}" request type</div> + <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - <input type="text" name="name" value="${request_type.name}" size="40"/> + <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - <input type="text" name="desc" value="${request_type.desc}" size="40"/> + <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" 
name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div> @@ -63,11 +63,11 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/> + <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/> + <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/request_type_permissions.mako --- a/templates/admin/request_type/request_type_permissions.mako +++ b/templates/admin/request_type/request_type_permissions.mako @@ -48,7 +48,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div> + <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row"> 
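Review bot: The Name input in the first hunk of edit_request_type.mako is written as `value="${request_type.name | }"`, with nothing after the pipe, so it is the one changed expression in this hunk that does not get `h` applied. Depending on how Mako treats an empty filter list, the template either renders the name unescaped or fails to compile. It should read `value="${request_type.name | h}"`, matching the title above it and the Description input below it. The value sits inside a double-quoted attribute, so escaping matters here as much as in the element text.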
@@ -65,13 +65,13 @@ in_roles.add( a.role ) out_roles = filter( lambda x: x not in in_roles, all_roles ) %> - ${action.description}<br/><br/> + ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;"> Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in in_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div> @@ -80,7 +80,7 @@ Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in out_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/view_request_type.mako --- a/templates/admin/request_type/view_request_type.mako +++ b/templates/admin/request_type/view_request_type.mako 
@@ -30,24 +30,24 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">"${request_type.name}" request type</div> + <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - ${request_type.name} + ${request_type.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${request_type.desc} + ${request_type.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/> @@ -55,8 +55,8 @@ <div class="toolFormTitle">Sample states defined for this request type</div> %for state in request_type.states: <div class="form-row"> - <label>${state.name}</label> - ${state.desc} + <label>${state.name | h}</label> + ${state.desc | h} </div><div style="clear: both"></div> %endfor 
@@ -67,8 +67,8 @@ %if request_type.external_services: %for index, external_service in enumerate( request_type.external_services ): <div class="form-row"> - <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label> - ${external_service.get_external_service_type( trans ).name} + <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label> + ${external_service.get_external_service_type( trans ).name | h} </div> %endfor %else: diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/reject.mako --- a/templates/admin/requests/reject.mako +++ b/templates/admin/requests/reject.mako @@ -15,7 +15,7 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">Reject sequencing request "${request.name}"</div> + <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row"> Rejecting this request will move the request state to <b>Rejected</b>. diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/rename_datasets.mako --- a/templates/admin/requests/rename_datasets.mako +++ b/templates/admin/requests/rename_datasets.mako 
@@ -3,7 +3,7 @@ <% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %> -<h3>Rename datasets for Sample "${sample.name}"</h3> +<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li> @@ -35,7 +35,7 @@ ${rename_datasets_for_sample_select_field.get_html()} </td><td> - <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/> + <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/view_sample_dataset.mako --- a/templates/admin/requests/view_sample_dataset.mako +++ b/templates/admin/requests/view_sample_dataset.mako 
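Review bot: In the second hunk of rename_datasets.mako the cell right after the escaped input, `<td>${sample_dataset.file_path}</td>`, is still rendered without a filter. The path presumably comes from the external service that holds the dataset, so it is no more trustworthy than the dataset name escaped one cell earlier. I would change it to `<td>${sample_dataset.file_path | h}</td>` in the same commit.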
@@ -21,19 +21,19 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">"${sample.name}" Dataset</div> + <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.name} + ${sample_dataset.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name}) + ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h}) </div><div style="clear: both"></div></div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/common.mako --- a/templates/webapps/galaxy/requests/common/common.mako +++ b/templates/webapps/galaxy/requests/common/common.mako 
@@ -257,18 +257,18 @@ <td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td> %endif <td valign="top"> - <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;"> - <i>${' (required)' }</i> + <i>(required)</i></div></td> %if display_bar_code: <td valign="top"> %if is_admin and is_submitted: - <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/> %else: - ${sample_widget['bar_code']} - <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/> + ${sample_widget['bar_code'] | h} + <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/> %endif </td> %endif @@ -416,7 +416,7 @@ transferred_dataset_files = [] %><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup"> - <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a> + <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup"> %if can_select_datasets: 
@@ -439,11 +439,11 @@ %endif </div> %else: - ${sample_widget_name} + ${sample_widget_name | h} %endif </td> %if display_bar_code: - <td>${sample_widget_bar_code}</td> + <td>${sample_widget_bar_code | h}</td> %endif %if is_unsubmitted: <td>Unsubmitted</td> @@ -451,12 +451,12 @@ <td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td> %endif %if sample_widget_library and library_cntrller is not None: - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td> %else: <td></td> %endif %if sample_widget_folder: - <td>${sample_widget_folder.name}</td> + <td>${sample_widget_folder.name | h}</td> %else: <td></td> %endif @@ -464,11 +464,11 @@ %if trans.user == sample_widget_history.user: <td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}"> - ${sample_widget_history.name} + ${sample_widget_history.name | h} </a></td> %else: - <td>${sample_widget_history.name}</td> + <td>${sample_widget_history.name | h}</td> %endif %else: <td></td> 
@@ -477,11 +477,11 @@ %if trans.user == sample_widget_workflow.stored_workflow.user: <td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}"> - ${sample_widget_workflow.name} + ${sample_widget_workflow.name | h} </a></td> %else: - <td>${sample_widget_workflow.name}</td> + <td>${sample_widget_workflow.name | h}</td> %endif %else: <td></td> @@ -519,7 +519,7 @@ <%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr> - <td>${sample_name}</td> + <td>${sample_name | h}</td> %for field_index, field in fields_dict.items(): <% field_type = field[ 'type' ] @@ -532,17 +532,17 @@ %if field_type == 'WorkflowField': %if str( field_value ) != 'none': <% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %> - <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a> + <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a> %endif %else: - ${field_value} + ${field_value | h} %endif %else: <i>None</i> %endif %else: %if field_type == 'TextField': - <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/> + <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/> %elif field_type == 'SelectField': <select name="sample_${index}_field_${field_index}" last_selected_value="2"> %for option_index, option in enumerate(field[ 'selectlist' ]): 
@@ -695,7 +695,7 @@ %if is_admin: <span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup"> - <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a> + <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup"> @@ -704,12 +704,12 @@ %endif </div> %else: - ${dataset.name} + ${dataset.name | h} %endif </td><td>${dataset.size}</td> - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td> - <td>${dataset.sample.folder.name}</td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td> + <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr> %endfor @@ -723,7 +723,7 @@ <%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)"> %if request.is_rejected: <div class='errormessage'> - ${request.last_comment} + ${request.last_comment | h} </div><br/> %endif %if is_admin and is_submitted and request.samples_without_library_destinations: diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/create_request.mako --- a/templates/webapps/galaxy/requests/common/create_request.mako +++ b/templates/webapps/galaxy/requests/common/create_request.mako 
@@ -23,7 +23,7 @@ <div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div> %if len( request_type_select_field.options ) < 1: - There are no request types available for ${trans.user.email} to create sequencing requests. + There are no request types available for ${trans.user.email | h} to create sequencing requests. %else: <div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" > diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako --- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako +++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako @@ -31,7 +31,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Edit sequencing request "${request.name}"</div> + <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" > %for i, field in enumerate( widgets ): 
@@ -70,11 +70,11 @@ %><div class="form-row"><label>Send to:</label> - <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true"> + <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label> - <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea> + <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;"> Enter one email address per line </div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/find_samples.mako --- a/templates/webapps/galaxy/requests/common/find_samples.mako +++ b/templates/webapps/galaxy/requests/common/find_samples.mako @@ -72,7 +72,7 @@ %if samples: %for sample in samples: <div class="form-row"> - Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/> + Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/> %if sample.request.is_new or not sample.state: State: Unsubmitted<br/> %else: 
@@ -85,10 +85,10 @@ %> Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/> %if is_admin: - <i>User: ${sample.request.user.email}</i> + <i>User: ${sample.request.user.email | h}</i> %endif <div class="toolParamHelp" style="clear: both;"> - <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a> + <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request.mako --- a/templates/webapps/galaxy/requests/common/view_request.mako +++ b/templates/webapps/galaxy/requests/common/view_request.mako @@ -58,7 +58,7 @@ ${render_samples_messages(request, is_admin, is_submitted, message, status)} <div class="toolForm"> - <div class="toolFormTitle">Sequencing request "${request.name}"</div> + <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label> @@ -67,12 +67,12 @@ </div><div class="form-row"><label>Description:</label> - ${request.desc} + ${request.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>User:</label> - ${request.user.email} + ${request.user.email | h} <div style="clear: both"></div></div><div class="form-row"> 
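Review bot: The link text in the first hunk on this line escapes `sample.request.name` but leaves `Type: ${sample.request.type.name} | State: ${sample.request.state}` unfiltered in the same line. The request type name is an editable field that this commit escapes elsewhere, as `${request_type.name | h}` in view_request_type.mako, so leaving it raw here looks like an oversight. I would write `${sample.request.type.name | h}` and, for consistency, `${sample.request.state | h}`.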
@@ -94,7 +94,7 @@ %><div class="form-row"><label>${field_label}:</label> - ${field_value} + ${field_value | h} </div><div style="clear: both"></div> %endfor @@ -116,7 +116,7 @@ else: emails = '' %> - ${emails} + ${emails | h} <div style="clear: both"></div></div><div class="form-row"> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request_history.mako --- a/templates/webapps/galaxy/requests/common/view_request_history.mako +++ b/templates/webapps/galaxy/requests/common/view_request_history.mako @@ -36,7 +36,7 @@ ${render_msg( message, status )} %endif -<h3>History of sequencing request "${request.name}"</h3> +<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid"> @@ -52,7 +52,7 @@ <tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample.mako --- a/templates/webapps/galaxy/requests/common/view_sample.mako +++ b/templates/webapps/galaxy/requests/common/view_sample.mako @@ -6,7 +6,7 @@ %if external_service: <p><div class="toolForm"> - <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div> + <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu"> %for item in external_service.actions: @@ -25,7 +25,7 @@ <div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle"> - <span>${external_service_group.label}</span> + <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg"> 
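Review bot: In the first hunk on this line `<label>${field_label}:</label>` stays unfiltered directly above the newly escaped `${field_value | h}`. The label is assigned in the `<% %>` block that ends just above the hunk; if it comes from a user-defined form definition, it needs the same treatment, `<label>${field_label | h}:</label>`. More generally, adding `| h` expression by expression is easy to miss in places like this. If the project's template lookup allows it, setting Mako's `default_filters` to include `h` and opting out with `| n` where markup is intended would make escaping the default.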
@@ -54,7 +54,7 @@ target = 'galaxy_main' %><div class="toolTitle"> - <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a> + <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def> @@ -75,38 +75,38 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Sample "${sample.name}"</div> + <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label> - ${sample.name} + ${sample.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${sample.desc} + ${sample.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label> - ${sample.bar_code} + ${sample.bar_code | h} <div style="clear: both"></div></div> %if sample.library: <div class="form-row"><label>Library:</label> - ${sample.library.name} + ${sample.library.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Folder:</label> - ${sample.folder.name} + ${sample.folder.name | h} <div style="clear: both"></div></div> %endif <div class="form-row"><label>Request:</label> - ${sample.request.name} + ${sample.request.name | h} <div style="clear: both"></div></div></div> diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample_history.mako --- a/templates/webapps/galaxy/requests/common/view_sample_history.mako +++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako @@ -12,7 +12,7 @@ ${render_msg( message, status )} %endif -<h3>History of sample "${sample.name}"</h3> +<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid"> 
@@ -27,10 +27,10 @@ <tbody> %for event in sample.events: <tr> - <td><b>${event.state.name}</b></td> - <td>${event.state.desc}</td> + <td><b>${event.state.name | h}</b></td> + <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.