## Changelog
+### 2.1.6 2017/01/17
+- [#2758](https://github.com/wallabag/wallabag/pull/2758) Fixed possible JS injection via the title edition (@nicosomb)
+- [#2736](https://github.com/wallabag/wallabag/pull/2736) Update copyright year (@lex111)
+- [#2624](https://github.com/wallabag/wallabag/pull/2624) Fix #2056 update config.yml (@Rurik19)
+
### 2.1.5 2016/11/21
+- [#2625](https://github.com/wallabag/wallabag/pull/2625) Prepare wallabag 2.1.5 (@nicosomb)
- [#2623](https://github.com/wallabag/wallabag/pull/2623) Force composer to run as PHP 5.5.9 (@j0k3r)
- [#2608](https://github.com/wallabag/wallabag/pull/2608) Change version to 2.2.0-dev (@nicosomb)
- [#2607](https://github.com/wallabag/wallabag/pull/2607) Updated changelog for 2.1.4 (@nicosomb)
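Review bot: the #2758 entry under 2.1.6 is a security fix but reads like the copyright-year bump listed next to it. Consider marking it as a security fix so administrators scanning the changelog can see why this release matters. The added #2625 line also edits the already published 2.1.5 section, which deserves a mention in the commit message.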
- [#2397](https://github.com/wallabag/wallabag/pull/2397) Ensure orphan tag are remove in API (@j0k3r)
- [#2399](https://github.com/wallabag/wallabag/pull/2399) Use default locale for user config (@j0k3r)
- [#2400](https://github.com/wallabag/wallabag/pull/2400) Set env to prod in documentation (@j0k3r)
-- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@mruminski)
+- [#2396](https://github.com/wallabag/wallabag/pull/2396) Update messages.pl.yml (@wallabag)
- [#2395](https://github.com/wallabag/wallabag/pull/2395) Add ability to use socket (@j0k3r)
- [#2386](https://github.com/wallabag/wallabag/pull/2386) Changed Changelog by using github-changelog-generator from @skywinder (@nicosomb)
- [#2389](https://github.com/wallabag/wallabag/pull/2389) Added default picture if preview picture is null (@nicosomb)
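Review bot: the #2396 line changes the credited author from `@mruminski` to `@wallabag`, which is unrelated to this release and drops a contributor's credit. If this came from regenerating the changelog, restore `@mruminski` before merging.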
-Copyright (c) 2013-2016 Nicolas Lœuillet
+Copyright (c) 2013-2017 Nicolas Lœuillet
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
# License
-Copyright © 2013-2016 Nicolas Lœuillet <nicolas@loeuillet.org>
+Copyright © 2013-2017 Nicolas Lœuillet <nicolas@loeuillet.org>
This work is free. You can redistribute it and/or modify it under the
terms of the MIT License. See the COPYING file for more details.
assets: ~
wallabag_core:
- version: 2.1.5
+ version: 2.1.6
paypal_url: "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9UBA65LG3FX9Y&lc=gb"
languages:
en: 'English'
{% for entry in entries %}
<div id="entry-{{ entry.id|e }}" class="{% if listMode == 0 %}entry{% else %}listmode entry{% endif %}">
- <h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|raw }}">{{ entry.title|raw }}</a></h2>
+ <h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|e|raw }}">{{ entry.title|e|raw }}</a></h2>
{% set readingTime = entry.readingTime / app.user.config.readingSpeed %}
<div class="estimatedTime">
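Review bot: in the `<h2>` line, `|e|raw` is more than is needed. `|e` already escapes the title and marks it safe, so the trailing `|raw` changes nothing and a later editor may take it for intentional raw output. Suggest `{{ entry.title|e }}` in both the `title` attribute and the link text, and the same in the other templates this change touches.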
<li><a href="{{ path('tag_entries', {'slug': tag.slug}) }}">{{ tag.label }}</a></li>
{% endfor %}
</ul>
- <img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|raw }}" />
+ <img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|e|raw }}" />
{% endif %}
</div>
{% endfor %}
{% extends "WallabagCoreBundle::layout.html.twig" %}
-{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
+{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
{% block content %}
<div id="article">
<header class="mbm">
- <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" class="nostyle" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
+ <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" class="nostyle" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
</header>
<div id="article_toolbar">
</aside>
</div>
{% if entry.previewPicture is not null %}
- <div><img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|raw }}" /></div>
+ <div><img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|e|raw }}" /></div>
{% endif %}
<article>
{{ entry.content | raw }}
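Review bot: the `alt` change is fine, but the context line `{{ entry.content | raw }}` directly below it still emits stored HTML unescaped. Since the title needed this fix, please confirm in the PR description that entry content is sanitized before it is stored, or track that as a separate issue.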
{% for entry in entries %}
<item>
- <title><![CDATA[{{ entry.title }}]]></title>
+ <title><![CDATA[{{ entry.title|e }}]]></title>
<source url="{{ url('view', { 'id': entry.id }) }}">wallabag</source>
<link>{{ entry.url }}</link>
<guid>{{ entry.url }}</guid>
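Review bot: in the `<title>` line the value had no `|raw` before, so if autoescaping is active for this feed template the added `|e` changes nothing, and if it is not active, `{{ entry.url }}` in `<link>` and `<guid>` is unescaped as well. Please state which case applies. Inside `<![CDATA[...]]>` an HTML-escaped title may also reach feed readers as literal entities such as `&amp;`, so check one title containing `&` in a reader.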
<html>
<head>
- <title>{{ entry.title | raw }}</title>
+ <title>{{ entry.title|e|raw }}</title>
<style>
body {
margin: 10px;
width: 600px;
}
</style>
- <meta property="og:title" content="{{ entry.title | raw }}" />
+ <meta property="og:title" content="{{ entry.title|e|raw }}" />
<meta property="og:type" content="article" />
<meta property="og:url" content="{{ app.request.uri }}" />
{% set picturePath = app.request.schemeAndHttpHost ~ asset('bundles/wallabagcore/themes/_global/img/logo-other_themes.png') %}
<meta name="twitter:card" content="summary" />
<meta name="twitter:image" content="{{ picturePath }}" />
<meta name="twitter:site" content="@wallabagapp" />
- <meta name="twitter:title" content="{{ entry.title | raw }}" />
+ <meta name="twitter:title" content="{{ entry.title|e|raw }}" />
<meta name="twitter:description" content="{{ entry.content|striptags|slice(0, 300)|raw }}…" />
</head>
<body>
<header>
- <h1>{{ entry.title | raw }}</h1>
- <div><a href="{{ entry.url|e }}" target="_blank" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e }}" class="tool">{{ entry.domainName|removeWww }}</a></div>
+ <h1>{{ entry.title|e|raw }}</h1>
+ <div><a href="{{ entry.url|e }}" target="_blank" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e|raw }}" class="tool">{{ entry.domainName|removeWww }}</a></div>
<div>{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage')})|raw }}</div>
</header>
<article>
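Review bot: the `twitter:description` line just below the changed `twitter:title` still ends in `|raw` inside a double-quoted attribute: `entry.content|striptags|slice(0, 300)|raw`. `striptags` removes tags but does not encode quotes, so this attribute is left with the same class of problem the title had. Suggest dropping `|raw` there, or adding `|e` before it, in this same change.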
<div class="card-content">
<span class="card-title dot-ellipsis dot-resize-update">
- <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
- {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+ <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title| e | raw | striptags }}">
+ {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
</a>
</span>
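Review bot: in the link text line the chain is now `e | raw | striptags | truncate(80, true, '…')`, which ends in `truncate` rather than in `e` or `raw`. With autoescaping on, the already escaped title is likely to be escaped a second time unless `truncate` is registered as safe, so a title containing `&` would show as `&amp;`. `striptags` also has nothing left to strip once `e` has run. Suggest `{{ entry.title | striptags | truncate(80, true, '…') }}` and leaving the escaping to the final output step.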
<div class="card-body">
<div class="card-content">
<span class="card-title dot-ellipsis dot-resize-update">
- <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
- {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+ <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+ {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
</a>
</span>
<i class="grey-text text-darken-4 activator material-icons right">more_vert</i>
<span class="card-title dot-ellipsis dot-resize-update">
- <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
- {{ entry.title| striptags | truncate(80, true, '…') | raw }}
+ <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+ {{ entry.title | e | striptags | truncate(80, true, '…') | raw }}
</a>
</span>
<div class="card-reveal">
<i class="card-title activator grey-text text-darken-4 material-icons right">clear</i>
<span class="card-title">
- <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
- {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+ <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
+ {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
</a>
</span>
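Review bot: the filter order is not consistent across these card titles. One link text line uses `e | striptags | truncate(80, true, '…') | raw` while the others use `e | raw | striptags | truncate(80, true, '…')`, and only the first ends in `raw`, so the two variants can render differently under autoescaping. Pick one order for all of them, ideally with no `raw` at all, so the next reader does not have to work out which variant is the safe one.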
{% extends "WallabagCoreBundle::layout.html.twig" %}
-{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
+{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
{% block body_class %}entry{% endblock %}
{% block content %}
<div id="article">
<header class="mbm">
- <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
+ <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
</header>
<aside>
<ul class="tools">