diff options
author | Nicolas Lœuillet <nicolas@loeuillet.org> | 2017-01-17 11:59:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-17 11:59:14 +0100 |
commit | 9123cb3053a1e5e8730e44a2723cd61bb9b08512 (patch) | |
tree | 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry | |
parent | 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff) | |
parent | 3d9950792c0aef20643ce1c5f81670e1f7194af9 (diff) | |
download | wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.gz wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.zst wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.zip |
Merge pull request #2758 from wallabag/fix-public-sharing
Fixed possible JS injection via the title edition
Diffstat (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/material/Entry')
4 files changed, 10 insertions, 10 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig index 0fdd5996..91a1bac0 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig | |||
@@ -11,8 +11,8 @@ | |||
11 | 11 | ||
12 | <div class="card-content"> | 12 | <div class="card-content"> |
13 | <span class="card-title dot-ellipsis dot-resize-update"> | 13 | <span class="card-title dot-ellipsis dot-resize-update"> |
14 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}"> | 14 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title| e | raw | striptags }}"> |
15 | {{ entry.title | raw | striptags | truncate(80, true, '…') }} | 15 | {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} |
16 | </a> | 16 | </a> |
17 | </span> | 17 | </span> |
18 | 18 | ||
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig index 19a400b4..ed916e79 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_no_preview.html.twig | |||
@@ -2,8 +2,8 @@ | |||
2 | <div class="card-body"> | 2 | <div class="card-body"> |
3 | <div class="card-content"> | 3 | <div class="card-content"> |
4 | <span class="card-title dot-ellipsis dot-resize-update"> | 4 | <span class="card-title dot-ellipsis dot-resize-update"> |
5 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}"> | 5 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}"> |
6 | {{ entry.title | raw | striptags | truncate(80, true, '…') }} | 6 | {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} |
7 | </a> | 7 | </a> |
8 | </span> | 8 | </span> |
9 | 9 | ||
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig index b0e3c06d..d23be4d0 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig | |||
@@ -13,8 +13,8 @@ | |||
13 | <i class="grey-text text-darken-4 activator material-icons right">more_vert</i> | 13 | <i class="grey-text text-darken-4 activator material-icons right">more_vert</i> |
14 | 14 | ||
15 | <span class="card-title dot-ellipsis dot-resize-update"> | 15 | <span class="card-title dot-ellipsis dot-resize-update"> |
16 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}"> | 16 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}"> |
17 | {{ entry.title| striptags | truncate(80, true, '…') | raw }} | 17 | {{ entry.title | e | striptags | truncate(80, true, '…') | raw }} |
18 | </a> | 18 | </a> |
19 | </span> | 19 | </span> |
20 | 20 | ||
@@ -29,8 +29,8 @@ | |||
29 | <div class="card-reveal"> | 29 | <div class="card-reveal"> |
30 | <i class="card-title activator grey-text text-darken-4 material-icons right">clear</i> | 30 | <i class="card-title activator grey-text text-darken-4 material-icons right">clear</i> |
31 | <span class="card-title"> | 31 | <span class="card-title"> |
32 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}"> | 32 | <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}"> |
33 | {{ entry.title | raw | striptags | truncate(80, true, '…') }} | 33 | {{ entry.title | e | raw | striptags | truncate(80, true, '…') }} |
34 | </a> | 34 | </a> |
35 | </span> | 35 | </span> |
36 | 36 | ||
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig index c615a907..b445f7d5 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig | |||
@@ -1,6 +1,6 @@ | |||
1 | {% extends "WallabagCoreBundle::layout.html.twig" %} | 1 | {% extends "WallabagCoreBundle::layout.html.twig" %} |
2 | 2 | ||
3 | {% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %} | 3 | {% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %} |
4 | 4 | ||
5 | {% block body_class %}entry{% endblock %} | 5 | {% block body_class %}entry{% endblock %} |
6 | 6 | ||
@@ -209,7 +209,7 @@ | |||
209 | {% block content %} | 209 | {% block content %} |
210 | <div id="article"> | 210 | <div id="article"> |
211 | <header class="mbm"> | 211 | <header class="mbm"> |
212 | <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1> | 212 | <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1> |
213 | </header> | 213 | </header> |
214 | <aside> | 214 | <aside> |
215 | <ul class="tools"> | 215 | <ul class="tools"> |