diff options
| author | Dan Fandrich <danf@mageia.org> | 2025-09-09 20:50:36 -0700 |
|---|---|---|
| committer | Dan Fandrich <danf@mageia.org> | 2025-09-09 20:50:36 -0700 |
| commit | a70d437f277731800f44ed241a0154fc6984a129 (patch) | |
| tree | f19a3b22903a0a577cb677540489e323ee5c81ec | |
| parent | 13f0020614307c981eecb0fd316f195007cd7ef3 (diff) | |
| download | mgaadvisories-master.tar mgaadvisories-master.tar.gz mgaadvisories-master.tar.bz2 mgaadvisories-master.tar.xz mgaadvisories-master.zip | |
| -rw-r--r-- | tmpl/advisory.html | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/tmpl/advisory.html b/tmpl/advisory.html index bdffed9..e3af76b 100644 --- a/tmpl/advisory.html +++ b/tmpl/advisory.html @@ -1,9 +1,10 @@ -[% USE date -%] +[%- USE date -%] +[%- USE HTML -%] [%- SET adv = advdb.advisories.$advisory -%] <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <title>Mageia Advisory: [% advisory %] - [% adv.subject %]</title> + <title>Mageia Advisory: [% advisory %] - [% HTML.escape(adv.subject) %]</title> [%- INCLUDE head.html -%] </head> <body> @@ -12,7 +13,7 @@ <div class='content'> <div class='section'> - <h2>[% adv.subject %]</h2> + <h2>[% HTML.escape(adv.subject) %]</h2> Publication date: [% date.format(adv.status.published, format => '%d %b %Y', gmt => 1) %]<br /> Modification date: [% date.format(adv.status.modified, format => '%d %b %Y', gmt => 1) %]<br /> @@ -40,7 +41,7 @@ <div class='section'> <h2>Description</h2> <pre> - [%- adv.description -%] + [%- HTML.escape(adv.description) -%] </pre> </div> @@ -48,7 +49,7 @@ <h2>References</h2> <ul> [% FOREACH ref IN adv.references -%] - <li><a href="[% ref %]">[% ref %]</a></li> + <li><a href="[% HTML.escape(ref) %]">[% HTML.escape(ref) %]</a></li> [% END %] [%- IF adv.CVE -%] [%- FOREACH cve IN adv.CVE.list -%] @@ -65,7 +66,7 @@ <h3>[% rel %]/[% media %]</h3> <ul> [% FOREACH srpm IN adv.src.$rel.$media -%] - <li>[% srpm %]</li> + <li>[% HTML.escape(srpm) %]</li> [% END -%] </ul> [% END -%] |