Changeset 125 in bookmarks for trunk/lib


Ignore:
Timestamp:
06/28/16 11:10:03 (8 years ago)
Author:
peter
Message:

HTML-escape template variables before insertion.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/lib/Bookmarks/bookmark.tt

    r119 r125  
    1010        <strong>New bookmark:</strong> 
    1111      [% END %] 
    12       <a href="[% bookmark.uri | html %]" target="_blank">[% bookmark.title or bookmark.uri %]</a> 
     12      <a href="[% bookmark.uri | html %]" target="_blank">[% (bookmark.title or bookmark.uri) | html %]</a> 
    1313      </h1> 
    1414      [% IF bookmark.exists %] 
    1515        <p class="timestamps"> 
    16           Bookmark created <a href="http://web.archive.org/web/[% bookmark.created_iso %]/[% bookmark.uri %]" title="Nearest Wayback Machine Link" target="_blank">[% bookmark.created %]</a>[% IF bookmark.mtime != bookmark.ctime %]; updated 
    17           <a href="http://web.archive.org/web/[% bookmark.updated_iso %]/[% bookmark.uri %]" title="Nearest Wayback Machine Link" target="_blank">[% bookmark.updated %]</a>[% END %] 
     16          Bookmark created <a href="http://web.archive.org/web/[% bookmark.created_iso | html %]/[% bookmark.uri | html  %]" title="Nearest Wayback Machine Link" target="_blank">[% bookmark.created | html %]</a>[% IF bookmark.mtime != bookmark.ctime %]; updated 
     17          <a href="http://web.archive.org/web/[% bookmark.updated_iso | html %]/[% bookmark.uri | html %]" title="Nearest Wayback Machine Link" target="_blank">[% bookmark.updated | html %]</a>[% END %] 
    1818        </p> 
    1919        [% IF bookmark.tags.size %] 
    2020          <p class="tags">Tagged as: 
    2121            [% FOREACH tag IN bookmark.tags %] 
    22               <a href=".?tag=[% tag %]" class="tag" target="_blank" onclick="if (opener && !opener.closed) { opener.location = this.href; return false; }">[% tag %]</a> 
     22              <a href=".?tag=[% tag | html %]" class="tag" target="_blank" onclick="if (opener && !opener.closed) { opener.location = this.href; return false; }">[% tag | html %]</a> 
    2323            [% END %] 
    2424          </p> 
Note: See TracChangeset for help on using the changeset viewer.