use List::MoreUtils qw(uniq);
use HTML::TreeBuilder;
use HTML::Element;
+use HTML::Defang;
use OpenSRF::Utils::Cache;
use OpenSRF::Utils::Logger qw/$logger/;
use OpenILS::Utils::CStoreEditor qw/:funcs/;
use OpenILS::Application::AppUtils;
use OpenSRF::MultiSession;
+my $defang = HTML::Defang->new;
my $U = 'OpenILS::Application::AppUtils';
my $ro_object_subs; # cached subs
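Review bot: `HTML::Defang->new` at L10 is called with no options and the object is a file-level lexical shared by every caller in this module, but nothing records which of the module's defaults the truncation code relies on. Per its documentation HTML::Defang neutralises markup it considers unsafe by rewriting or commenting it out rather than entity-escaping it, which determines what the `as_HTML()` fragments look like after truncation. Suggest a comment above the constructor such as `# Shared sanitizer for truncated record HTML; default options in use: unsafe tags/attributes are defanged (commented out), not entity-escaped — check the HTML::Defang POD before changing`. If the object keeps per-call state, confirm that reusing one instance across requests is safe.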
my $nref = ref $node;
if ($nref eq "HTML::Element") {
$current_length += length $node->as_text();
- push(@html_strings, $node->as_HTML());
+ my $escaped_html = $defang->defang($node->as_HTML());
+ push(@html_strings, $escaped_html);
} else {
# Node is whitespace - handling this like regular simple text
# doesn't like to play nice, so handling separately
push(@html_strings, " $trunc_str");
$truncated = 1;
} else {
- push(@html_strings, $node);
+ push(@html_strings, $defang->defang($node));
}
# Node is simple text
} else {
$nshort = substr $node, 0, $nloc;
$nrest = substr $node, $nloc;
}
+ $nshort = $defang->defang($nshort);
+ $nrest = $defang->defang($nrest);
push(@html_strings, "$nshort $trunc_str $nrest");
$truncated = 1;
} else {
- push(@html_strings, $node);
+ push(@html_strings, $defang->defang($node));
}
$current_length += length $node;
}
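Review bot: `$defang->defang($node)` at L26, L33-L34 and L39 is applied to values the surrounding comments describe as whitespace or simple text, not markup. HTML::Defang parses its input as HTML, so if these text nodes come from the HTML::TreeBuilder tree they are already entity-decoded, and a literal `<` or `&` that originated as `&lt;`/`&amp;` is handled as tag soup instead of being re-escaped, while anything that is not tag-like passes through unchanged. For the text branches the matching operation is entity encoding (`HTML::Entities::encode_entities`), with `defang()` fitting the `as_HTML()` branch at L17; I cannot see where `$node` originates, so confirm whether these strings are decoded text before changing it. The enclosing subroutine starts before L13 and ends after L42.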
[% END -%]
[% MACRO accordion(str, trunc_length, element) BLOCK;
IF truncate_contents != 1;
- str;
+ str | html;
ELSE;
UNLESS trunc_length;
trunc_length = contents_truncate_length || 100;
IF accordion_res.1;
str = str _ " <a onclick='toggleAccordion(this, " _ element _ ")'>" _ l('Read More') _ "</a>";
END;
+ str;
+ ELSE;
+ str | html;
END;
- str;
END;
END; %]
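Review bot: With the new ELSE at L55 the macro's output now depends on whether the caller passed `trunc_length`: in the UNLESS branch `str` is emitted raw at L54 after the Read More link is appended, while a caller that supplies `trunc_length` gets `str | html` with no truncation and no link at all. If context lines between L50 and L51 were elided in this view and the UNLESS actually closes there, the ELSE would instead pair with `IF accordion_res.1`; either way the intended behaviour should be stated, because the two readings differ. The raw emit at L54 is only safe because the truncation helper is presumably the Perl code that now runs each fragment through HTML::Defang, so add `[%# str is emitted unescaped here: accordion_res output has already been sanitised by HTML::Defang in the truncation helper -%]` before L54. `element` at L52 is still interpolated unescaped into the onclick attribute; if any caller passes it from request data it needs escaping as well.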
%]
<div id='canvas_main' class='canvas' vocab="http://schema.org/" typeof='[% args.schema.itemtype %] Product' resource="#schemarecord">
[%- FOREACH link IN args.links.sameAs; %]
- <link property="sameAs" href="[% link %]">
+ <link property="sameAs" href="[% link | html %]">
[%- END; %]
[%- FOREACH link IN args.links.exampleOfWork; %]
- <link property="exampleOfWork" href="[% link %]">
+ <link property="exampleOfWork" href="[% link | html %]">
[%- END; %]
[%- INCLUDE "opac/parts/record/navigation.tt2" %]
[%- IF ctx.bib_is_dead %]
url = mkurl(ctx.opac_root _ '/results',
{ qtype=>'series', query=>search_term }, stop_parms.merge(expert_search_parms, general_search_parms, browse_search_parms, facet_search_parms)
);
- series = '<a href="' _ url _ '">' _ s.$hl_field _ '</a> ';
+ filtered_hl_field = s.$hl_field | html;
+ series = '<a href="' _ url _ '">' _ filtered_hl_field _ '</a> ';
results.push(series);
END;
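Review bot: In Template Toolkit a trailing `| html` on an assignment directive (`filtered_hl_field = s.$hl_field | html` at L77, and likewise L134-L136) is, as far as I recall, applied to the directive's output rather than to the value being assigned, so the variable would hold the unescaped string; please verify on the TT version in use. If that is the case, capture the filtered value instead, e.g. `filtered_hl_field = BLOCK; s.$hl_field | html; END;`. Separately, L196 leaves `attrs.hl.title` unescaped while escaping `attrs.title`, which suggests the hl fields carry pre-rendered highlighting markup; if `s.$hl_field` (L77), `attrs.hl.isbn` (L164) and `attrs.hl.issn` (L172) do as well, the new filters will render that markup literally, so confirm what the hl values contain. The block that assigns `url` starts before L73.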
ELSE;
isbnissn=attrs.issns.0;
END;
%]
- <a href='http://obalkyknih.cz/view?isbn=[% isbnissn %]'>
+ <a href='http://obalkyknih.cz/view?isbn=[% isbnissn | html %]'>
<img
alt="[% l('Image of item') %]" id='rdetail_image'
src='[% ctx.media_prefix %]/opac/extras/ac/jacket/[% record.summary.jacket_size %]/r/[% ctx.bre_id | uri %]' />
<a href="[% mkurl(ctx.opac_root _ '/place_hold',
{hold_target => ctx.bre_id, hold_type => 'T', hold_source_page => mkurl()}, stop_parms) %]"
class="no-dec" rel="nofollow" vocab=""><img src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
- [% img_alt(l('Place Hold on [_1]', attrs.title)) %]/>
+ [% img_alt(l('Place Hold on [_1]', attrs.title)) | html %]/>
<span class="place_hold">[% l('Place Hold') %]</span></a>
</div>
[%- END -%]
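Review bot: `| html` at L94 is applied to the return value of `img_alt(...)`, which sits between `src="…"` and `/>` where a complete attribute belongs; if the helper returns `alt="…"` already quoted and escaped, encoding its quotes yields a broken attribute rather than a safer one. The same applies to L102 and L110, and to `html_text_attr(...) | html` at L195, L211, L219, L227 and L251, whose name suggests it already escapes; the helper definitions are not in this diff, so confirm and either drop the extra filter or put the escaping inside the helper. Also, `isbn=[% isbnissn | html %]` at L86 is a query-string value, so `| uri` (as used for `ctx.bre_id` at L89) is the filter that keeps `&`, `#` or a space from altering the link; `isbn=[% isbnissn | uri %]` is what I would use there.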
<a href="[% mkurl(ctx.opac_root _ '/myopac/ebook_checkout',
{title => args.ebook.ebook_id, vendor => args.ebook.vendor, action => 'checkout'}, stop_parms) %]"
class="no-dec" rel="nofollow" vocab=""><img src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
- [% img_alt(l('Check Out [_1]', attrs.title)) %]/>
+ [% img_alt(l('Check Out [_1]', attrs.title)) | html %]/>
<span class="place_hold">[% l('Check Out E-Item') %]</span></a>
</div>
<div id="[%- ctx.bre_id -%]_ebook_place_hold" class="rdetail_aux_utils ebook_action hidden">
<a href="[% mkurl(ctx.opac_root _ '/myopac/ebook_place_hold',
{title => args.ebook.ebook_id, vendor => args.ebook.vendor, action => 'place_hold'}, stop_parms) %]"
class="no-dec" rel="nofollow" vocab=""><img src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
- [% img_alt(l('Place Hold on [_1]', attrs.title)) %]/>
+ [% img_alt(l('Place Hold on [_1]', attrs.title)) | html %]/>
<span class="place_hold">[% l('Place Hold on E-Item') %]</span></a>
</div>
[%- END -%]
rel="nofollow" vocab=""
data-recid="[% ctx.bre_id %]" data-action="add"
class="no-dec mylist_action [% IF ctx.mylist.grep('^' _ ctx.bre_id _ '$').size %]hidden[% END %]"
- title="[% l("Add [_1] to basket", attrs.title) %]" rel="nofollow" vocab="">
+ title="[% l("Add [_1] to basket", attrs.title) | html %]" rel="nofollow" vocab="">
<img src="[% ctx.media_prefix %]/images/add-to-cart.png[% ctx.cache_key %]" alt="" />
[% l("Add to basket") %]
</a>
rel="nofollow" vocab=""
data-recid="[% ctx.bre_id %]" data-action="delete"
class="mylist_action [% IF !ctx.mylist.grep('^' _ ctx.bre_id _ '$').size %]hidden[% END %]"
- title="[% l("Remove [_1] from basket", attrs.title) %]" rel="nofollow" vocab="">
+ title="[% l("Remove [_1] from basket", attrs.title) | html %]" rel="nofollow" vocab="">
<img src="[% ctx.media_prefix %]/images/add-to-cart.png[% ctx.cache_key %]" alt="" />
[% l("Remove from basket") %]
</a>
<div class="rdetail_uris">
[%- IF num_uris > 1 %]<ul>[% END %]
[%- FOR uri IN merged_uris %]
+ [%-
+ filtered_href = uri.href | html;
+ filtered_link = uri.link ? uri.link : '' | html;
+ filtered_note = uri.note ? uri.note : '' | html;
+ -%]
[%- IF num_uris == 1 -%]
<p class="rdetail_uri" property="offers" vocab="http://schema.org/" typeof="Offer">
[%- ELSE -%]
<li class="rdetail_uri" property="offers" vocab="http://schema.org/" typeof="Offer">
[%- END -%]
- <a href="[% uri.href %]" class="uri_link" property="url" target="_blank" rel="noopener">
- [%- IF uri.href != uri.link;
- '<span property="description">' _ uri.link _ '</span>';
+ <a href="[% filtered_href %]" class="uri_link" property="url" target="_blank" rel="noopener">
+ [%- IF filtered_href != filtered_link;
+ '<span property="description">' _ filtered_link _ '</span>';
ELSE;
- uri.link;
+ filtered_link;
END;
-%]
</a>
- [%- ' - <span property="description">' _ uri.note _ '</span>' IF uri.note %]
+ [%- ' - <span property="description">' _ filtered_note _ '</span>' IF filtered_note %]
<link property="availability" href="http://schema.org/OnlineOnly" />
[%- IF attrs.gtin13; '<meta property="gtin13" content="' _ attrs.gtin13 _ '" />'; END; %]
[%- IF num_uris == 1 %]</p>[% ELSE %]</li>[% END %]
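Review bot: `filtered_href` at L146 protects the attribute, but `| html` does not constrain the URL scheme, and the same holds for the `link | html` hrefs at L65 and L69 and `uri.href | html` at L203; if `merged_uris` or the sameAs links can carry catalog-supplied values, whether non-http(s) schemes are rejected before they reach the template is worth confirming, server-side rather than here. The comparison at L147 now compares the two filtered values, which is equivalent to the old `uri.href != uri.link` only if the assignments at L134-L136 actually store the escaped strings (a filter on an assignment directive may apply to the directive's output instead, so verify). The block at L133-L137 would read better with a short comment such as `[%# escape once here so the three uses below stay consistent -%]`.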
<ul>
[%- IF attrs.hl.isbn.size; FOR isbn IN attrs.hl.isbn %]
<li class='rdetail_isbns'>
- <strong class='rdetail_label'>[% l('ISBN:'); %]</strong> [% isbn %]
+ <strong class='rdetail_label'>[% l('ISBN:'); %]</strong> [% isbn | html %]
</li>
[%- END; ELSIF attrs.isbns.0;
FOR isbn IN attrs.isbns;
[%- END %]
[%- IF attrs.hl.issn.size; FOR issn IN attrs.hl.issn %]
<li class='rdetail_issns'>
- <strong class='rdetail_label'>[% l('ISSN:'); %]</strong> [% issn %]
+ <strong class='rdetail_label'>[% l('ISSN:'); %]</strong> [% issn | html %]
</li>
[%- END; ELSIF attrs.issns.0; FOR issn IN attrs.issns %]
<li class='rdetail_issns'>
<span class='rdetail_value' property="publisher" typeof="Organization">
[% pubstr = '' %]
[%- IF attrs.pubplace; %]
- <span property="location">[% attrs.pubplace %]</span>
+ <span property="location">[% attrs.pubplace | html %]</span>
[%- END; %]
- <span property="name">[% attrs.publisher %]</span>
+ <span property="name">[% attrs.publisher | html %]</span>
</span>
[%- IF attrs.pubdate; %]
- <span property="datePublished">[% attrs.pubdate %]</span>
+ <span property="datePublished">[% attrs.pubdate | html %]</span>
[%- END; %]
[%-
IF attrs.graphic_pubinfos.size > 0;
[% END %]
<a class='record_title search_link' name='record_[% rec.id %]'
href="[% mkurl(record_url_path, add_parms, del_parms); %]"
- [% html_text_attr('title', l('Display record details for "[_1]"', attrs.title)) %]>
+ [% html_text_attr('title', l('Display record details for "[_1]"', attrs.title)) | html%]>
[% IF attrs.hl.title; attrs.hl.title; ELSE; attrs.title | html; END %]
</a>
[% IF rec.mr_constituent_count.defined && rec.mr_constituent_count > 1 %]
<td valign='top'>
<strong>[% l('Electronic resource') %]</strong>
</td>
- <td><a href="[% uri.href %]" class="uri_link" target="_blank" rel="noopener">[% uri.link | html %]</a>[% ' - ' _ uri.note | html IF uri.note %]</td>
+ <td><a href="[% uri.href | html %]" class="uri_link" target="_blank" rel="noopener">[% uri.link | html %]</a>[% ' - ' _ uri.note | html IF uri.note %]</td>
</tr>
[% END %]
[% END %]
<div class="results_aux_utils place_hold"><a
href="[% mkurl(ctx.opac_root _ '/place_hold',
add_parms, del_parms) %]"
- [% html_text_attr('title', l('Place Hold on [_1]', attrs.title)) %]
+ [% html_text_attr('title', l('Place Hold on [_1]', attrs.title)) | html %]
class="no-dec" rel="nofollow" vocab=""><img
src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
alt=""/><span class="result_place_hold">[% l('Place Hold') %]</span></a>
<a href="[% mkurl(ctx.opac_root _ '/myopac/ebook_checkout',
{title => args.ebook.ebook_id, vendor => args.ebook.vendor, action => 'checkout'},
['query','tag','subfield','term','_special','sort','page']) %]"
- [% html_text_attr('title', l('Check Out [_1]', attrs.title)) %]
+ [% html_text_attr('title', l('Check Out [_1]', attrs.title)) | html %]
class="no-dec" rel="nofollow" vocab=""><img
src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
alt=""/><span class="result_place_hold">[% l('Check Out E-Item') %]</span></a>
<a href="[% mkurl(ctx.opac_root _ '/myopac/ebook_place_hold',
{title => args.ebook.ebook_id, vendor => args.ebook.vendor, action => 'place_hold'},
['query','tag','subfield','term','_special','sort','page']) %]"
- [% html_text_attr('title', l('Place Hold on [_1]', attrs.title)) %]
+ [% html_text_attr('title', l('Place Hold on [_1]', attrs.title)) | html %]
class="no-dec" rel="nofollow" vocab=""><img
src="[% ctx.media_prefix %]/images/green_check.png[% ctx.cache_key %]"
alt=""/><span class="result_place_hold">[% l('Place Hold on E-Item') %]</span></a>
<a href="[% addhref %]" id="mylist_add_[% rec.id %]"
data-recid="[% rec.id %]" data-action="add"
class="mylist_action [% IF ctx.mylist.grep('^' _ rec.id _ '$').size %]hidden[% END %]"
- title="[% l("Add [_1] to basket", attrs.title) %]" rel="nofollow" vocab="">
+ title="[% l("Add [_1] to basket", attrs.title) | html %]" rel="nofollow" vocab="">
<img src="[% ctx.media_prefix %]/images/add-to-cart.png[% ctx.cache_key %]" alt="" />
[% l("Add to basket") %]
</a>
<a href="[% delhref %]" id="mylist_delete_[% rec.id %]"
data-recid="[% rec.id %]" data-action="delete"
class="mylist_action [% IF !ctx.mylist.grep('^' _ rec.id _ '$').size %]hidden[% END %]"
- title="[% l("Remove [_1] from basket", attrs.title) %]" rel="nofollow" vocab="">
+ title="[% l("Remove [_1] from basket", attrs.title) | html %]" rel="nofollow" vocab="">
<img src="[% ctx.media_prefix %]/images/add-to-cart.png[% ctx.cache_key %]" alt="" />
[% l("Remove from basket") %]
</a>
[% ident = attrs.isbn_clean || attrs.upc %]
<div class="results_aux_utils result_util">
<a target='_blank'
- [% html_text_attr('title', l('Reviews and More for [_1]', attrs.title)) %]
+ [% html_text_attr('title', l('Reviews and More for [_1]', attrs.title)) | html %]
href="[% ctx.ext_proto %]://contentcafe2.btol.com/ContentCafeClient/ContentCafe.aspx?UserID=[%-
ENV.OILS_CONTENT_CAFE_USER %]&Password=[%-
ENV.OILS_CONTENT_CAFE_PASS %]&ItemKey=[% ident | uri %]&Options=Y" rel="noopener nofollow" vocab="">