Merge pull request #250 from AppFlowy-IO/escape-html
feat: add escape for all template output
commit
374338a7c2
|
|
@ -15,13 +15,13 @@
|
||||||
<button
|
<button
|
||||||
class="button cyan"
|
class="button cyan"
|
||||||
hx-target="#sso-list"
|
hx-target="#sso-list"
|
||||||
hx-get="/web/components/admin/sso/{{ sso_provider.id }}"
|
hx-get="/web/components/admin/sso/{{ sso_provider.id|escape }}"
|
||||||
>
|
>
|
||||||
More Info
|
More Info
|
||||||
</button>
|
</button>
|
||||||
<button
|
<button
|
||||||
class="deletUserBtn button red"
|
class="deletUserBtn button red"
|
||||||
hx-delete="/web-api/admin/sso/{{ sso_provider.id }}"
|
hx-delete="/web-api/admin/sso/{{ sso_provider.id|escape }}"
|
||||||
hx-confirm="Are you sure?"
|
hx-confirm="Are you sure?"
|
||||||
hx-target="closest tr"
|
hx-target="closest tr"
|
||||||
hx-swap="delete"
|
hx-swap="delete"
|
||||||
|
|
|
||||||
|
|
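Review bot: `|escape` is the right encoding for the HTML attribute, but in `hx-get="/web/components/admin/sso/{{ sso_provider.id|escape }}"` and the `hx-delete` below it the value is also a URL path segment, and HTML escaping leaves `/`, `?`, `#` and `..` untouched. If `sso_provider.id` is always a server-generated identifier (likely, though not visible in this hunk) this is harmless; otherwise percent-encode before escaping, e.g. `{{ sso_provider.id|urlencode|escape }}`, using whichever URL-encoding filter the template engine provides that also encodes `/`. The same applies to the `user.id` paths in the `@ -14,13 +14,13 @` hunk and to `provider` in the `href` and `hx-get` of the `@ -75,10 +75,10 @` hunk, where an `&` in the value would still split the query string once the browser decodes `&amp;`.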
@ -8,7 +8,7 @@
|
||||||
hx-get="/web/components/user/user"
|
hx-get="/web/components/user/user"
|
||||||
class="button red"
|
class="button red"
|
||||||
>
|
>
|
||||||
{{ user.email }}
|
{{ user.email|escape }}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,13 +14,13 @@
|
||||||
<button
|
<button
|
||||||
class="button cyan"
|
class="button cyan"
|
||||||
hx-target="#admin-users"
|
hx-target="#admin-users"
|
||||||
hx-get="/web/components/admin/users/{{ user.id }}"
|
hx-get="/web/components/admin/users/{{ user.id|escape }}"
|
||||||
>
|
>
|
||||||
More Info
|
More Info
|
||||||
</button>
|
</button>
|
||||||
<button
|
<button
|
||||||
class="deletUserBtn button red"
|
class="deletUserBtn button red"
|
||||||
hx-delete="/web-api/admin/user/{{ user.id }}"
|
hx-delete="/web-api/admin/user/{{ user.id|escape }}"
|
||||||
hx-confirm="Are you sure?"
|
hx-confirm="Are you sure?"
|
||||||
hx-target="closest tr"
|
hx-target="closest tr"
|
||||||
hx-swap="delete"
|
hx-swap="delete"
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
hx-get="/web/components/user/user"
|
hx-get="/web/components/user/user"
|
||||||
class="button cyan"
|
class="button cyan"
|
||||||
>
|
>
|
||||||
{{ user.email }}
|
{{ user.email|escape }}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
<p>Email: {{ user.email|escape }}</p>
|
<p>Email: {{ user.email|escape }}</p>
|
||||||
<p>Role: {{ user.role|escape }}</p>
|
<p>Role: {{ user.role|escape }}</p>
|
||||||
<p>Phone: {{ user.phone|escape }}</p>
|
<p>Phone: {{ user.phone|escape }}</p>
|
||||||
<p>Email Confirmed At: {{ user.email_confirmed_at|default("-") }}</p>
|
<p>Email Confirmed At: {{ user.email_confirmed_at|default("-")|escape }}</p>
|
||||||
<p>Phone Confirmed At: {{ user.phone_confirmed_at|default("-")|escape }}</p>
|
<p>Phone Confirmed At: {{ user.phone_confirmed_at|default("-")|escape }}</p>
|
||||||
<p>Last Sign In At: {{ user.last_sign_in_at|default("-")|escape }}</p>
|
<p>Last Sign In At: {{ user.last_sign_in_at|default("-")|escape }}</p>
|
||||||
<p>Created At: {{ user.created_at|escape }}</p>
|
<p>Created At: {{ user.created_at|escape }}</p>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<link href="/assets/base.css" rel="stylesheet" />
|
<link href="/assets/base.css" rel="stylesheet" />
|
||||||
<link href="/assets/message.css" rel="stylesheet" />
|
<link href="/assets/message.css" rel="stylesheet" />
|
||||||
<title>{% block title %}{{ title }}{% endblock %}</title>
|
<title>{% block title %}{{ title|escape }}{% endblock %}</title>
|
||||||
<script
|
<script
|
||||||
src="https://unpkg.com/htmx.org@1.9.6"
|
src="https://unpkg.com/htmx.org@1.9.6"
|
||||||
integrity="sha384-FhXw7b6AlE/jyjlZH5iHa/tTe9EpJ1Y55RjcgPbjeWMskSxZt1v9qkxLJWNJaGni"
|
integrity="sha384-FhXw7b6AlE/jyjlZH5iHa/tTe9EpJ1Y55RjcgPbjeWMskSxZt1v9qkxLJWNJaGni"
|
||||||
|
|
|
||||||
|
|
@ -75,10 +75,10 @@
|
||||||
{% for provider in oauth_providers %}
|
{% for provider in oauth_providers %}
|
||||||
<div class="oauth-icon">
|
<div class="oauth-icon">
|
||||||
<a
|
<a
|
||||||
href="/gotrue/authorize?provider={{ provider }}&redirect_to=/web/login"
|
href="/gotrue/authorize?provider={{ provider|escape }}&redirect_to=/web/login"
|
||||||
>
|
>
|
||||||
<div
|
<div
|
||||||
hx-get="../assets/{{ provider }}/logo.html"
|
hx-get="../assets/{{ provider|escape }}/logo.html"
|
||||||
hx-trigger="load"
|
hx-trigger="load"
|
||||||
hx-swap="outerHTML"
|
hx-swap="outerHTML"
|
||||||
></div>
|
></div>
|
||||||
|
|
|
||||||
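Review bot: The `hx-get="../assets/{{ provider|escape }}/logo.html"` combined with `hx-swap="outerHTML"` inserts whatever that URL returns as markup, so escaping the path does not by itself bound what gets rendered; that depends on `oauth_providers` holding only known provider names. Where the list is built is outside this hunk, so I cannot confirm it. I would add a template comment above the loop such as `{# oauth_providers must come from server configuration, never from request data #}`, and check the names against a fixed list at the point where the list is assembled.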