From: Bill Erickson
Date: Wed, 17 Aug 2011 20:50:50 +0000 (-0400)
Subject: Tpac: more html output sanitizing
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=f95c4db643391cbb63f35ff321dc5cbbac75b6c3;p=contrib%2FConifer.git
Tpac: more html output sanitizing
Signed-off-by: Bill Erickson
---
diff --git a/Open-ILS/src/templates/default/opac/parts/record/authors.tt2 b/Open-ILS/src/templates/default/opac/parts/record/authors.tt2
index 93a8b838ef..7304aeb7af 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/authors.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/authors.tt2
@@ -42,7 +42,7 @@ END; NEXT UNLESS author.xpath; links = PROCESS build_author_links(xpath=author.xpath); IF links.match('\S') %]
- [% author.label %]
+ [% author.label | html %]
[% links %]
[% END %] [% END %]
diff --git a/Open-ILS/src/templates/default/opac/parts/record/awards.tt2 b/Open-ILS/src/templates/default/opac/parts/record/awards.tt2
index 57f10033df..25fdd55b9d 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/awards.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/awards.tt2
@@ -4,8 +4,8 @@ [% l('Patron Reviews:') %]
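Review bot: The unchanged `[% links %]` on the context line after the fixed label still emits the markup returned by `build_author_links`, and because that value is HTML it cannot simply be passed through `| html` here; any escaping of the author names and search terms it interpolates has to happen inside the macro. It is worth confirming that the macro applies `| html` to link text and `| uri` to query values the same way this hunk does for `author.label`, otherwise the fix covers only the label cell. The enclosing FOREACH block starts before this hunk, and the cell markup around `author.label` is not visible in this rendering.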
-
- +
+
diff --git a/Open-ILS/src/templates/default/opac/parts/record/cnbrowse.tt2 b/Open-ILS/src/templates/default/opac/parts/record/cnbrowse.tt2
index 83621b1d82..1b8364213d 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/cnbrowse.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/cnbrowse.tt2
@@ -1,10 +1,13 @@
-[% cnoffset = CGI.param('cnoffset') || 0; %]
+[%
+ cnoffset = CGI.param('cnoffset');
+ cnoffset = cnoffset.match('^\d+$') ? cnoffset : 0; # verify cnoffset is a sane value
+%]
[% l("You are now browsing") %] - [% ctx.browsing_ou.name %] + [% ctx.browsing_ou.name | html %]
@@ -32,21 +35,21 @@ IF ident %] + src="[% ctx.media_prefix %]/opac/extras/ac/jacket/small/[% ident | uri %]" /> [% END %] -
[% cn.label %]
+
[% cn.label | html %]
[% rec_attrs.title %] + href="[% mkurl(ctx.opac_root _ '/record/' _ cn.record.id, {}, 1) %]">[% rec_attrs.title | html %]
[% IF rec_attrs.author %]
[% rec_attrs.author | html_entity %] + -%]">[% rec_attrs.author | html %]
[% END %] -
[% cn.owning_lib.name %]
+
[% cn.owning_lib.name | html %]
[% IF loop.index % 3 == 2; tr_open = 0 %]
diff --git a/Open-ILS/src/templates/default/opac/parts/record/issues.tt2 b/Open-ILS/src/templates/default/opac/parts/record/issues.tt2
index 4f9f295cfa..551567d34b 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/issues.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/issues.tt2
@@ -11,7 +11,7 @@ FOREACH type IN ctx.holding_summaries.keys;
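Review bot: The `href` attributes in this hunk built from `mkurl(...)` — `href="[% mkurl(ctx.opac_root _ '/record/' _ cn.record.id, {}, 1) %]"` and the author link whose directive closes with `-%]">` just before `rec_attrs.author | html`, which appears to be built the same way — are emitted without `| html`. If `mkurl` percent-encodes its parameters this is not an injection vector, but a URL with `&` between query parameters is still not well-formed inside an HTML attribute without `&amp;`, so a `| html` on the attribute value would be consistent with the rest of the commit; please confirm what `mkurl` already escapes, since its definition is outside this diff. The enclosing loop over call numbers starts before this hunk.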
[% FOR blob IN ctx.expanded_holdings %] - + [% IF blob.has_units %]
@@ -27,7 +27,7 @@
[% blob.issuance.label %][% blob.issuance.label | html %] [% l("Place Hold") %]
diff --git a/Open-ILS/src/templates/default/opac/parts/record/summary.tt2 b/Open-ILS/src/templates/default/opac/parts/record/summary.tt2
index 53c22d2e95..5f3e74dbff 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/summary.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/summary.tt2
@@ -1,6 +1,6 @@ [% PROCESS "default/opac/parts/misc_util.tt2"; USE ResolverResolver;
- ctx.page_title = attrs.title | html_entity
+ ctx.page_title = attrs.title | html %]
@@ -16,9 +16,9 @@
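Review bot: The new `ctx.page_title = attrs.title | html` probably escapes nothing: in Template Toolkit the trailing `| filter` is attached to the directive as a whole, and a SET directive produces no output, so the raw title is assigned and the filter runs on an empty string (the replaced `| html_entity` had the same problem). If the layout then prints the title verbatim, the one value most likely to carry a crafted record title stays unescaped despite this commit. Safer is to escape at the point of output, `[% ctx.page_title | html %]` in the template that prints the title, or to capture a filtered block here, e.g. `[% ctx.page_title = FILTER html; attrs.title; END %]`; please verify against the TT2 version in use.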
[% ident = attrs.isbn_clean || attrs.upc; IF ident; %] - [% l('Image of item') %] + src='[% ctx.media_prefix %]/opac/extras/ac/jacket/medium/[% ident | uri %]' /> [% END %]
[% IF openurl.enabled == 'true'; FOR issn IN args.issns;
@@ -99,21 +99,21 @@ - + - + - + - +
- [% attrs.title_extended | html_entity %]
+ [% attrs.title_extended | html %]
[% IF attrs.author %] [% l("Author") %]: [% attrs.author | html_entity %] + -%]">[% attrs.author | html %] [% END %]
@@ -59,7 +59,7 @@
[% IF attrs.format_icon %] - [% attrs.format_label %] + [% attrs.format_label %] [% END %]
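Review bot: Both sides of the changed line still emit `[% attrs.format_label %]` without `| html`, so whatever this hunk altered in the surrounding markup (stripped in this rendering), the visible text output of the format label remains unescaped while every neighbouring record attribute in this commit gains the filter. If `format_label` can be derived from record or configuration data rather than a fixed literal, `[% attrs.format_label | html %]` would make it consistent. The enclosing `IF attrs.format_icon` block is shown in full in the hunk.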
@@ -73,12 +73,12 @@ [% IF attrs.isbns.0 %][% l("ISBN") %][% END %]
- [% FOR isbn IN attrs.isbns %][% IF !loop.first; %]
[% END; isbn; END %] + [% FOR isbn IN attrs.isbns %][% IF !loop.first; %]
[% END; isbn | html ; END %]
[% IF attrs.phys_desc %][% l("Physical Description") %][% END %] [% attrs.phys_desc %][% attrs.phys_desc | html %]
[% IF attrs.marc_cn; l("Call Number"); END %] [% attrs.marc_cn %][% attrs.marc_cn | html %] [% IF attrs.edition; l("Edition"); END %] [% attrs.edition %][% attrs.edition | html %]
[% IF attrs.publisher; l("Publisher"); END %] [% attrs.publisher %][% attrs.publisher | html %] [% IF attrs.pubdate; l("Publication Date"); END %] [% attrs.pubdate %][% attrs.pubdate | html %]
@@ -170,13 +170,13 @@ [% org_name %]
- [% copy_info.call_number_label %]
- [% copy_info.barcode %]
- [% copy_info.copy_location %]
+ [% copy_info.call_number_label | html %]
+ [% copy_info.barcode | html %]
+ [% copy_info.copy_location | html %] [% IF ctx.is_staff %] [% copy_info.age_protect ?
- ctx.get_crahp(copy_info.age_protect).name : l('None') %]
+ ctx.get_crahp(copy_info.age_protect).name html : l('None') | html %] [% date.format( ctx.parse_datetime(copy_info.create_date),
@@ -199,7 +199,7 @@ l("No"); END %] [% END %]
- [% copy_info.copy_status %]
+ [% copy_info.copy_status | html %] [% IF copy_info.due_date; date.format(
diff --git a/Open-ILS/src/templates/default/opac/parts/record/summaryplus.tt2 b/Open-ILS/src/templates/default/opac/parts/record/summaryplus.tt2
index 4b7552fbe0..d397b48678 100644
--- a/Open-ILS/src/templates/default/opac/parts/record/summaryplus.tt2
+++ b/Open-ILS/src/templates/default/opac/parts/record/summaryplus.tt2
@@ -4,7 +4,7 @@ [% l('Summary: ') %] [% FOR sum IN attrs.summary %] [% IF !loop.first; '
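Review bot: The added staff-only line `ctx.get_crahp(copy_info.age_protect).name html : l('None') | html %]` carries a stray `html` token after `.name` with no `|`, which I would expect TT2 to reject as a parse error, breaking the copy table for staff users. The trailing `| html` already applies to the output of the whole directive, so the fix is to drop the extra word: `ctx.get_crahp(copy_info.age_protect).name : l('None') | html %]`. The `[% copy_info.age_protect ?` line this continues is context just above it in the hunk; the table markup around these cells is not visible in this rendering.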
'; END %]
- [% sum %]
+ [% sum | html %] [% END %]
[% END %]
@@ -13,7 +13,7 @@ [% ident = attrs.isbn_clean || attrs.upc %]