Merge pull request #781 from MrPetovan/task/6208-smarty-escaping

Smarty escaping
This commit is contained in:
Michael Vogel 2018-12-20 20:27:55 +01:00 committed by GitHub
commit 2e8f2916df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 6 additions and 6 deletions

View file

@ -3,7 +3,7 @@
<div id="rules"></div>
<script>
var existingRules = {{$rules}};
var existingRules = {{$rules nofilter}};
var messages = {
{{foreach $messages as $key => $value}}

View file

@ -36,7 +36,7 @@
</div>
</div>
<div class="forumdirectory-copy-wrapper" id="forumdirectory-copy-wrapper-{{$id}}" >
{{if $about}}<dl class="forumdirectory-copy"><dt class="forumdirectory-copy-label">{{$about}}</dt><dd class="forumdirectory-copy-data">{{$profile.about}}</dd></dl>{{/if}}
{{if $about}}<dl class="forumdirectory-copy"><dt class="forumdirectory-copy-label">{{$about}}</dt><dd class="forumdirectory-copy-data">{{$profile.about nofilter}}</dd></dl>{{/if}}
</div>
</div>
</div>

View file

@ -3,7 +3,7 @@
* DO NOT EDIT THIS FILE, CHANGES WILL BE OVERWRITTEN
*
*}}
<div class="mailstream-item-body">{{$item.body}}</div>
<div class="mailstream-item-body">{{$item.body nofilter}}</div>
{{if $item.plink}}
<div>{{$upstream}}: <a class="mailstream-item-plink" href="{{$item.plink}}">{{$item.plink}}</a><div>
<div>{{$local}}: <a class="mailstream-item-url" href="{{$item.url}}">{{$item.url}}</a></div>

View file

@ -6,7 +6,7 @@
<span class="fakelink" onclick="openClose('settings_mathjax_expanded'); openClose('settings_mathjax_inflated');">
<h3>{{$title}}</h3>
</span>
<p>{{$description}}</p>
<p>{{$description nofilter}}</p>
{{include file="field_checkbox.tpl" field=$mathjax_use}}
<div class="clear"></div>

View file

@ -16,8 +16,8 @@
{{include file="field_textarea.tpl" field=$publickey}}
<div class="form-group pull-right settings-submit-wrapper" >
<button type="submit" name="securemail-submit" class="btn btn-primary" value="{{$submit|escape:'html'}}">{{$submit}}</button>
<button type="submit" name="securemail-submit" class="btn btn-default" value="{{$test|escape:'html'}}">{{$test}}</button>
<button type="submit" name="securemail-submit" class="btn btn-primary" value="{{$submit}}">{{$submit}}</button>
<button type="submit" name="securemail-submit" class="btn btn-default" value="{{$test}}">{{$test}}</button>
</div>
<div class="clear"></div>
</div>