Some more escaping
This commit is contained in:
parent
4f9f86e310
commit
56f21a4b89
|
@ -235,7 +235,7 @@ function dirfind_content(App $a, $prefix = "") {
|
||||||
'alt_text' => $alt_text,
|
'alt_text' => $alt_text,
|
||||||
'url' => Model\Contact::magicLink($jj->url),
|
'url' => Model\Contact::magicLink($jj->url),
|
||||||
'itemurl' => $itemurl,
|
'itemurl' => $itemurl,
|
||||||
'name' => htmlentities($jj->name),
|
'name' => $jj->name,
|
||||||
'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
|
'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
|
||||||
'img_hover' => $jj->tags,
|
'img_hover' => $jj->tags,
|
||||||
'conntxt' => $conntxt,
|
'conntxt' => $conntxt,
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')"
|
onmouseover="if (typeof t{{$contact.id}} != 'undefined') clearTimeout(t{{$contact.id}}); openMenu('contact-photo-menu-button-{{$contact.id}}')"
|
||||||
onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" >
|
onmouseout="t{{$contact.id}}=setTimeout('closeMenu(\'contact-photo-menu-button-{{$contact.id}}\'); closeMenu(\'contact-photo-menu-{{$contact.id}}\');',200)" >
|
||||||
|
|
||||||
<a href="{{$contact.url}}" title="{{$contact.img_hover}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name}}" /></a>
|
<a href="{{$contact.url}}" title="{{$contact.img_hover|escape}}" /><img src="{{$contact.thumb}}" {{$contact.sparkle}} alt="{{$contact.name|escape}}" /></a>
|
||||||
|
|
||||||
{{if $multiselect}}
|
{{if $multiselect}}
|
||||||
<input type="checkbox" class="contact-select" name="contact_batch[]" value="{{$contact.id}}">
|
<input type="checkbox" class="contact-select" name="contact_batch[]" value="{{$contact.id}}">
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
<div class="contact-entry-desc">
|
<div class="contact-entry-desc">
|
||||||
<div class="contact-entry-name" id="contact-entry-name-{{$contact.id}}" >
|
<div class="contact-entry-name" id="contact-entry-name-{{$contact.id}}" >
|
||||||
{{$contact.name}}
|
{{$contact.name|escape}}
|
||||||
{{if $contact.account_type}} <span class="contact-entry-details" id="contact-entry-accounttype-{{$contact.id}}">({{$contact.account_type}})</span>{{/if}}
|
{{if $contact.account_type}} <span class="contact-entry-details" id="contact-entry-accounttype-{{$contact.id}}">({{$contact.account_type}})</span>{{/if}}
|
||||||
</div>
|
</div>
|
||||||
{{if $contact.alt_text}}<div class="contact-entry-details" id="contact-entry-rel-{{$contact.id}}" >{{$contact.alt_text}}</div>{{/if}}
|
{{if $contact.alt_text}}<div class="contact-entry-details" id="contact-entry-rel-{{$contact.id}}" >{{$contact.alt_text}}</div>{{/if}}
|
||||||
|
|
|
@ -220,7 +220,7 @@ We use this part to filter the contacts with jquery.textcomplete *}}
|
||||||
{{* The contact description (e.g. Name, Network, kind of connection and so on *}}
|
{{* The contact description (e.g. Name, Network, kind of connection and so on *}}
|
||||||
<div class="contact-entry-desc">
|
<div class="contact-entry-desc">
|
||||||
<div class="contact-entry-name" id="contact-entry-name-{$id}">
|
<div class="contact-entry-name" id="contact-entry-name-{$id}">
|
||||||
<h4 class="media-heading"><a href="{$url}">{$name}</a>
|
<h4 class="media-heading"><a href="{$url}">{$name|escape}</a>
|
||||||
{if $account_type} <small class="contact-entry-details" id="contact-entry-accounttype-{$id}">({$account_type})</small>{/if}
|
{if $account_type} <small class="contact-entry-details" id="contact-entry-accounttype-{$id}">({$account_type})</small>{/if}
|
||||||
{if $account_type == 'Forum'}<i class="fa fa-comments-o" aria-hidden="true"></i>{/if}
|
{if $account_type == 'Forum'}<i class="fa fa-comments-o" aria-hidden="true"></i>{/if}
|
||||||
{{* @todo this needs some changing in core because $contact.account_type contains a translated string which may notbe the same in every language *}}
|
{{* @todo this needs some changing in core because $contact.account_type contains a translated string which may notbe the same in every language *}}
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
<div class="media-body">
|
<div class="media-body">
|
||||||
<div class="text-muted time ago pull-right" title="{{$date}}">{{$ago}}</div>
|
<div class="text-muted time ago pull-right" title="{{$date}}">{{$ago}}</div>
|
||||||
|
|
||||||
<h4 class="media-heading">{{$from_name}}</h4>
|
<h4 class="media-heading">{{$from_name|escape}}</h4>
|
||||||
<div class="mail-list-subject"><a href="message/{{$id}}">{{$subject}}</a></div>
|
<div class="mail-list-subject"><a href="message/{{$id}}">{{$subject}}</a></div>
|
||||||
<a href="message/dropconv/{{$id}}" onclick="return confirmDelete();" title="{{$delete}}" class="pull-right" onmouseover="imgbright(this);" onmouseout="imgdull(this);">
|
<a href="message/dropconv/{{$id}}" onclick="return confirmDelete();" title="{{$delete}}" class="pull-right" onmouseover="imgbright(this);" onmouseout="imgdull(this);">
|
||||||
<i class="faded-icon fa fa-trash"></i>
|
<i class="faded-icon fa fa-trash"></i>
|
||||||
|
|
|
@ -252,7 +252,7 @@ as the value of $top_child_total (this is done at the end of this file)
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
|
||||||
{{if $item.title}}
|
{{if $item.title}}
|
||||||
<span class="wall-item-title" id="wall-item-title-{{$item.id}}"><h4 class="media-heading"><a href="{{$item.plink.href}}" class="{{$item.sparkle}} p-name">{{$item.title}}</a></h4><br /></span>
|
<span class="wall-item-title" id="wall-item-title-{{$item.id}}"><h4 class="media-heading"><a href="{{$item.plink.href}}" class="{{$item.sparkle}} p-name">{{$item.title|escape}}</a></h4><br /></span>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
|
||||||
<div class="wall-item-body e-content {{if !$item.title}}p-name{{/if}}" id="wall-item-body-{{$item.id}}">{{$item.body}}</div>
|
<div class="wall-item-body e-content {{if !$item.title}}p-name{{/if}}" id="wall-item-body-{{$item.id}}">{{$item.body}}</div>
|
||||||
|
|
Loading…
Reference in a new issue