[hg] galaxy 3321: Escape more user-generated data: history name, ...
details: http://www.bx.psu.edu/hg/galaxy/rev/00ca468e6050 changeset: 3321:00ca468e6050 user: jeremy goecks <jeremy.goecks@emory.edu> date: Wed Feb 03 11:35:28 2010 -0500 description: Escape more user-generated data: history name, workflow name, workflow annotation. diffstat: templates/root/history.mako | 2 +- templates/workflow/editor.mako | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diffs (33 lines): diff -r 7df2ad00be1d -r 00ca468e6050 templates/root/history.mako --- a/templates/root/history.mako Wed Feb 03 11:30:06 2010 -0500 +++ b/templates/root/history.mako Wed Feb 03 11:35:28 2010 -0500 @@ -276,7 +276,7 @@ <div id="history-name-area" class="historyLinks" style="color: gray; font-weight: bold;"> <div style="float: right"><a id="history-rename" title="Rename" class="icon-button edit" target="galaxy_main" href="${h.url_for( controller='history', action='rename' )}"></a></div> - <div id="history-name">${history.get_display_name()}</div> + <div id="history-name">${h.escape( history.get_display_name() )}</div> </div> %if history.deleted: diff -r 7df2ad00be1d -r 00ca468e6050 templates/workflow/editor.mako --- a/templates/workflow/editor.mako Wed Feb 03 11:30:06 2010 -0500 +++ b/templates/workflow/editor.mako Wed Feb 03 11:35:28 2010 -0500 @@ -784,7 +784,7 @@ <div id="workflow-name-area" class="form-row"> <label>Name:</label> <div style="float: right"><a id="workflow-rename" title="Rename" class="icon-button edit" target="galaxy_main" href="${h.url_for( controller='workflow', action='rename_sync' )}"></a></div> - <div id="workflow-name">${stored.name}</div> + <div id="workflow-name">${h.escape( stored.name )}</div> <div style="clear: both"></div> </div> ## Workflow tags. 
@@ -809,7 +809,7 @@ <div id="workflow-annotation-area" class="form-row"> <label>Annotation / Notes:</label> <div style="float: right"><a id="workflow-annotate" title="Annotate" class="icon-button edit" target="galaxy_main" href="${h.url_for( controller='workflow', action='annotate_async' )}"></a></div> - <div id="workflow-annotation">${annotation}</div> + <div id="workflow-annotation">${h.escape( annotation )}</div> <div style="clear: both"></div> <div class="toolParamHelp">Add an annotation or notes to a workflow; annotations are available when a workflow is viewed.</div> </div>
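Review bot: In templates/root/history.mako (@@ -276), the escape is applied by hand at this one output site, so the protection depends on every other template that prints history.get_display_name() getting the same treatment. Consider escaping by default instead, for example through Mako's default_filters setting on the template lookup, and opting out only where markup is intended. A new template that prints the history name would then be safe without anyone remembering to call h.escape.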
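Review bot: In templates/workflow/editor.mako (@@ -784), the workflow name fix ships without a regression check: the diffstat lists only the two templates. A test that renders the editor for a workflow whose name contains `<`, `>`, `&` and a quote character, and asserts that the content of #workflow-name comes back entity-encoded, would keep this from regressing the next time the template is edited.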
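Review bot: In templates/workflow/editor.mako (@@ -809), h.escape covers only the initial server-side render of #workflow-annotation, while the adjacent edit link points at action='annotate_async', which suggests the div is also rewritten in the browser after an edit. Please confirm that the client-side update inserts the new annotation as text rather than as HTML, since otherwise the same unescaped value reaches the page through that path.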
participants (1): Greg Von Kuster