Fix HTML injection into page title; also some other TAL cleanup

Richard Jones · Richard Jones · commit c5c8522d8fd0 · 2008-08-18T06:37:15.000Z
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -22,6 +22,7 @@ Fixed:
 - Improved URL matching RE (sf #2038858)
 - Allow binary file content submission via XML-RPC (sf #1995623)
 - Don't run old code on newer database (sf #1979556)
+- Fix HTML injection into page title
 
 
 2008-03-01 1.4.4
diff --git a/templates/classic/html/issue.item.html b/templates/classic/html/issue.item.html
@@ -2,9 +2,9 @@
 <tal:block metal:use-macro="templates/page/macros/icing">
 <title metal:fill-slot="head_title">
 <tal:block condition="context/id" i18n:translate=""
- >Issue <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/title" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >Issue <tal:x tal:content="context/id" i18n:name="id"
+ />: <tal:x content="context/title" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:block>
 <tal:block condition="not:context/id" i18n:translate=""
  >New Issue - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
@@ -122,10 +122,10 @@
 </tal:block>
 
 <p tal:condition="context/id" i18n:translate="">
- Created on <b><tal:x replace="context/creation" i18n:name="creation" /></b>
- by <b><tal:x replace="context/creator" i18n:name="creator" /></b>,
- last changed <b><tal:x replace="context/activity" i18n:name="activity" /></b>
- by <b><tal:x replace="context/actor" i18n:name="actor" /></b>.
+ Created on <b tal:content="context/creation" i18n:name="creation" />
+ by <b tal:content="context/creator" i18n:name="creator" />,
+ last changed <b content="context/activity" i18n:name="activity" />
+ by <b tal:content="context/actor" i18n:name="actor" />.
 </p>
 
 <table class="files" tal:condition="context/files">
diff --git a/templates/classic/html/user.item.html b/templates/classic/html/user.item.html
@@ -4,9 +4,9 @@
 >
 <title metal:fill-slot="head_title">
 <tal:if condition="context/id" i18n:translate=""
- >User <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/username" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >User <tal:x content="context/id" i18n:name="id"
+ />: <tal:x content="context/username" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:if>
 <tal:if condition="not:context/id" i18n:translate=""
  >New User - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
diff --git a/templates/minimal/html/user.item.html b/templates/minimal/html/user.item.html
@@ -4,9 +4,9 @@
 >
 <title metal:fill-slot="head_title">
 <tal:if condition="context/id" i18n:translate=""
- >User <span tal:replace="context/id" i18n:name="id"
- />: <span tal:replace="context/username" i18n:name="title"
- /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
+ >User <tal:x content="context/id" i18n:name="id"
+ />: <tal:x content="context/username" i18n:name="title"
+ /> - <tal:x content="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:if>
 <tal:if condition="not:context/id" i18n:translate=""
  >New User - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
