diff options
author | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
commit | b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch) | |
tree | 0db4955b3303c2e5565d6e97e8fac62c63147117 /template | |
parent | 40aae68e1263b9677285473a9205cef378b451c0 (diff) | |
download | bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz |
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template')
30 files changed, 84 insertions, 104 deletions
diff --git a/template/en/default/account/prefs/permissions.html.tmpl b/template/en/default/account/prefs/permissions.html.tmpl index dd6e1785b..77dda1ce4 100644 --- a/template/en/default/account/prefs/permissions.html.tmpl +++ b/template/en/default/account/prefs/permissions.html.tmpl @@ -42,8 +42,8 @@ <table align="center"> [% FOREACH bit_description = has_bits %] <tr> - <td>[% bit_description.name %]</td> - <td>[% bit_description.desc %]</td> + <td>[% bit_description.name FILTER html %]</td> + <td>[% bit_description.desc FILTER html_light %]</td> </tr> [% END %] </table> @@ -63,8 +63,8 @@ <table align="center"> [% FOREACH bit_description = set_bits %] <tr> - <td>[% bit_description.name %]</td> - <td>[% bit_description.desc %]</td> + <td>[% bit_description.name FILTER html %]</td> + <td>[% bit_description.desc FILTER html_light %]</td> </tr> [% END %] </table> diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl index 3ef9a5852..568dac0cb 100644 --- a/template/en/default/account/prefs/settings.html.tmpl +++ b/template/en/default/account/prefs/settings.html.tmpl @@ -49,8 +49,8 @@ </td> <td> [% IF settings.${name}.is_enabled %] - <select name="[% name %]" id="[% name %]"> - <option value="[% default_name %]" + <select name="[% name FILTER html %]" id="[% name FILTER html %]"> + <option value="[% default_name FILTER html %]" [% ' selected="selected"' IF settings.${name}.is_default %]> Site Default ([% setting_descs.${default_val} OR default_val FILTER html %]) </option> @@ -64,8 +64,8 @@ [% END %] </select> [% ELSE %] - <select name="[% name %]" id="[% name %]" disabled="disabled"> - <option value="[% default_name %]"> + <select name="[% name FILTER html %]" id="[% name FILTER html %]" disabled="disabled"> + <option value="[% default_name FILTER html %]"> Site Default ([% setting_descs.${default_val} OR default_val FILTER html %]) </option> </select> diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl index b450548b7..84c3cb197 100644 --- a/template/en/default/admin/classifications/del.html.tmpl +++ b/template/en/default/admin/classifications/del.html.tmpl @@ -36,7 +36,7 @@ <td valign="top">Description:</td> <td valign="top"> [% IF classification.description %] - [% classification.description FILTER none %] + [% classification.description FILTER html_light %] [% ELSE %] <font color="red">description missing</font> [% END %] diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl index b1fc482c2..b56a401f4 100644 --- a/template/en/default/admin/classifications/edit.html.tmpl +++ b/template/en/default/admin/classifications/edit.html.tmpl @@ -59,7 +59,7 @@ <th align=right valign=top>[% product.name FILTER html %]</th> <td valign=top> [% IF product.description %] - [% product.description FILTER none %] + [% product.description FILTER html_light %] [% ELSE %] <font color="red">description missing</font> [% END %] diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl index d45b88073..0db2fc265 100644 --- a/template/en/default/admin/classifications/reclassify.html.tmpl +++ b/template/en/default/admin/classifications/reclassify.html.tmpl @@ -33,7 +33,7 @@ <td valign="top">Description:</td> <td valign="top" colspan=3> [% IF classification.description %] - [% classification.description FILTER none %] + [% classification.description FILTER html_light %] [% ELSE %] <font color="red">description missing</font> [% END %] diff --git a/template/en/default/admin/classifications/select.html.tmpl b/template/en/default/admin/classifications/select.html.tmpl index eaa2149f0..fd3aaf45d 100644 --- a/template/en/default/admin/classifications/select.html.tmpl +++ b/template/en/default/admin/classifications/select.html.tmpl @@ -37,7 +37,7 @@ <td valign="top"><a href="editclassifications.cgi?action=edit&classification=[% cl.name FILTER url_quote %]"><b>[% cl.name FILTER html %]</b></a></td> <td valign="top"> [% IF cl.description %] - [% cl.description %] + [% cl.description FILTER html_light %] [% ELSE %] <font color="red">none</font> [% END %] diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl index 4c94813fd..e7e00636e 100644 --- a/template/en/default/admin/components/confirm-delete.html.tmpl +++ b/template/en/default/admin/components/confirm-delete.html.tmpl @@ -44,7 +44,7 @@ </tr> <tr> <td valign="top">Component Description:</td> - <td valign="top">[% comp.description FILTER html %]</td> + <td valign="top">[% comp.description FILTER html_light %]</td> </tr> <tr> <td valign="top">Default assignee:</td> @@ -66,7 +66,7 @@ </tr> <tr> <td valign="top">Product Description:</td> - <td valign="top">[% product.description FILTER html %]</td> + <td valign="top">[% product.description FILTER html_light %]</td> [% END %] [% IF Param('usetargetmilestone') %] diff --git a/template/en/default/admin/components/updated.html.tmpl b/template/en/default/admin/components/updated.html.tmpl index a6f2c8b9d..a4cbfdf5b 100644 --- a/template/en/default/admin/components/updated.html.tmpl +++ b/template/en/default/admin/components/updated.html.tmpl @@ -56,7 +56,7 @@ <table> <tr> <td>Updated description to:</td> - <td>'[% comp.description FILTER html %]'</td> + <td>'[% comp.description FILTER html_light %]'</td> </tr> </table> [% END %] diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl index d0c50f69a..f5aa7a9b4 100644 --- a/template/en/default/admin/groups/delete.html.tmpl +++ b/template/en/default/admin/groups/delete.html.tmpl @@ -48,7 +48,7 @@ <tr> <td>[% gid FILTER html %]</td> <td>[% name FILTER html %]</td> - <td>[% description FILTER html %]</td> + <td>[% description FILTER html_light %]</td> </tr> </table> diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl index 51aba7ffe..a66e78fde 100644 --- a/template/en/default/admin/groups/edit.html.tmpl +++ b/template/en/default/admin/groups/edit.html.tmpl @@ -165,7 +165,7 @@ [% group.grpnam FILTER html %] </a> </td> - <td align="left" class="groupdesc">[% group.grpdesc FILTER html %]</td> + <td align="left" class="groupdesc">[% group.grpdesc FILTER html_light %]</td> </tr> [% END %] </table> diff --git a/template/en/default/admin/groups/list.html.tmpl b/template/en/default/admin/groups/list.html.tmpl index fe32bc53d..ef2c7486b 100644 --- a/template/en/default/admin/groups/list.html.tmpl +++ b/template/en/default/admin/groups/list.html.tmpl @@ -47,6 +47,7 @@ } {name => 'description' heading => 'Description' + allow_html_content => 1 } {name => 'userregexp' heading => 'User RegExp' diff --git a/template/en/default/admin/keywords/list.html.tmpl b/template/en/default/admin/keywords/list.html.tmpl index 999538561..1ffa0f27d 100755 --- a/template/en/default/admin/keywords/list.html.tmpl +++ b/template/en/default/admin/keywords/list.html.tmpl @@ -43,7 +43,8 @@ }, { name => "description" - heading => "Description" + heading => "Description" + allow_html_content => 1 }, { name => "bug_count" diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl index e59dd8707..75aeb623a 100644 --- a/template/en/default/admin/products/confirm-delete.html.tmpl +++ b/template/en/default/admin/products/confirm-delete.html.tmpl @@ -56,7 +56,7 @@ [%# descriptions are intentionally not filtered to allow html content %] <td> [% IF classification.description %] - [% classification.description FILTER none %] + [% classification.description FILTER html_light %] [% ELSE %] <span style="color: red">missing</span> [% END %] @@ -78,7 +78,7 @@ [%# descriptions are intentionally not filtered to allow html content %] <td valign="top"> [% IF product.description %] - [% product.description FILTER none %] + [% product.description FILTER html_light %] [% ELSE %] <span style="color: red">missing</span> [% END %] @@ -132,7 +132,7 @@ [%# descriptions are intentionally not filtered to allow html content %] <td> [% IF c.description %] - [% c.description FILTER none %] + [% c.description FILTER html_light %] [% ELSE %] <span style="color: red">missing</span> [% END %] diff --git a/template/en/default/admin/products/edit-common.html.tmpl b/template/en/default/admin/products/edit-common.html.tmpl index e3edadc9c..afa15d73c 100644 --- a/template/en/default/admin/products/edit-common.html.tmpl +++ b/template/en/default/admin/products/edit-common.html.tmpl @@ -40,7 +40,7 @@ <tr> <th align="right">Description:</th> <td><textarea rows="4" cols="64" wrap="virtual" name="description"> - [% product.description FILTER none %]</textarea> + [% product.description FILTER html %]</textarea> </td> </tr> diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl index 4e8cc7b19..105ec6e74 100644 --- a/template/en/default/admin/products/edit.html.tmpl +++ b/template/en/default/admin/products/edit.html.tmpl @@ -50,7 +50,7 @@ [% FOREACH component = product.components %] <b>[% component.name FILTER html %]:</b> [% IF component.description %] - [% component.description FILTER none %] + [% component.description FILTER html_light %] [% ELSE %] <font color="red">description missing</font> [% END %] diff --git a/template/en/default/admin/products/updated.html.tmpl b/template/en/default/admin/products/updated.html.tmpl index e74720fed..8a0790d6e 100644 --- a/template/en/default/admin/products/updated.html.tmpl +++ b/template/en/default/admin/products/updated.html.tmpl @@ -75,7 +75,7 @@ <p> Updated description to:</p> </p> - <p style="margin: 1em 3em 1em 3em">[% product.description FILTER html %]</p> + <p style="margin: 1em 3em 1em 3em">[% product.description FILTER html_light %]</p> [% updated = 1 %] [% END %] diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl index 68c8577b0..9ca9226e7 100644 --- a/template/en/default/admin/settings/edit.html.tmpl +++ b/template/en/default/admin/settings/edit.html.tmpl @@ -64,7 +64,7 @@ page, and the Default Value will automatically apply to everyone. [% setting_descs.$name OR name FILTER html %] </td> <td> - <select name="[% name %]" id="[% name %]"> + <select name="[% name FILTER html %]" id="[% name FILTER html %]"> [% FOREACH x = settings.${name}.legal_values %] <option value="[% x FILTER html %]" [% " selected=\"selected\"" IF x == settings.${name}.default_value %]> @@ -75,8 +75,8 @@ page, and the Default Value will automatically apply to everyone. </td> <td align="center"> <input type="checkbox" - name="[% checkbox_name %]" - id="[% checkbox_name %]" + name="[% checkbox_name FILTER html %]" + id="[% checkbox_name FILTER html %]" [% " checked=\"checked\"" IF settings.${name}.is_enabled %]> <br> </td> diff --git a/template/en/default/admin/table.html.tmpl b/template/en/default/admin/table.html.tmpl index 29108fd6c..d13dceb66 100644 --- a/template/en/default/admin/table.html.tmpl +++ b/template/en/default/admin/table.html.tmpl @@ -32,7 +32,7 @@ # with the key xxx in data hash of the current row. # content: If specified, the content of this variable is used # instead of the data pulled from the current row. - # NOTE: This value is not HTML filtered at output! + # NOTE: This value is only partially HTML filtered! # content_use_field: If defined and true, then each value in the # column corresponds with a key in the # field_descs field, and that value from the @@ -41,8 +41,8 @@ # This content WILL be HTML-filtered in this case. # align: left/center/right. Controls the horizontal alignment of the # text in the column. - # allow_html_content: if defined, then this column allows html content - # so it will not be filtered + # allow_html_content: if defined, then this column allows some html content + # and so it will be only partially filtered. # yesno_field: Turn the data from 0/!0 into Yes/No # # data: @@ -94,6 +94,7 @@ content = c.content content_use_field = c.content_use_field align = c.align + class = c.class allow_html_content = c.allow_html_content yesno_field = c.yesno_field %] @@ -112,6 +113,8 @@ IF override.override_content_use_field %] [% SET align = override.align IF override.override_align %] + [% SET class = override.class + IF override.override_class %] [% SET allow_html_content = override.allow_html_content IF override.override_allow_html_content %] [% SET yesno_field = override.yesno_field @@ -122,7 +125,8 @@ [% END %] [% END %] - <td [% IF align %] align="[% align FILTER html %]" [% END %]> + <td [% IF align %] align="[% align FILTER html %]" [% END %] + [% IF class %] class="[% class FILTER html %]" [% END %]> [% IF contentlink %] [% link_uri = contentlink %] @@ -143,7 +147,7 @@ [% colname = row.${c.name} %] [% field_descs.${colname} FILTER html %] [% ELSIF content %] - [% content FILTER none %] + [% content FILTER html_light %] [% ELSE %] [% IF yesno_field %] [% IF row.${c.name} %] @@ -153,7 +157,7 @@ [% END %] [% ELSE %] [% IF allow_html_content %] - [% row.${c.name} FILTER none %] + [% row.${c.name} FILTER html_light %] [% ELSE %] [% row.${c.name} FILTER html %] [% END %] diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl index f92492472..c35bb691f 100644 --- a/template/en/default/admin/users/edit.html.tmpl +++ b/template/en/default/admin/users/edit.html.tmpl @@ -89,7 +89,7 @@ <td class="groupname"> <label for="group_[% group.id %]"> <strong>[% group.name FILTER html %]:</strong> - [%+ group.description FILTER html %] + [%+ group.description FILTER html_light %] </label> </td> </tr> diff --git a/template/en/default/admin/users/list.html.tmpl b/template/en/default/admin/users/list.html.tmpl index 4b483e33d..41c5016f8 100644 --- a/template/en/default/admin/users/list.html.tmpl +++ b/template/en/default/admin/users/list.html.tmpl @@ -38,11 +38,9 @@ heading => 'Edit user...' contentlink => 'editusers.cgi?action=edit&userid=%%userid%%' _ listselectionurlparams - allow_html_content => 1 } {name => 'realname' heading => 'Real name' - allow_html_content => 1 } {heading => 'User Account Log' content => 'View' @@ -64,23 +62,38 @@ %] [% END %] +[%# Disabled users are crossed out. Missing realnames are noticed in red. %] +[% overrides.login_name = [] %] +[% overrides.realname = [] %] + [% FOREACH thisuser = users %] - [%# We FILTER html here because we need admin/table.html.tmpl to accept HTML - # for styling, so we cannot let admin/table.html.tmpl do the FILTER. - #%] - [% thisuser.login_name = BLOCK %] - [% thisuser.login_name FILTER html %] - [% END %] - [% IF thisuser.realname %] - [% thisuser.realname = BLOCK %] - [% thisuser.realname FILTER html %] - [% END %] - [% ELSE %] - [% SET thisuser.realname = '<span style="color: red">missing</span>' %] + [% IF !thisuser.realname %] + [%# We cannot pass one class now and one class later. %] + [% SET classes = (thisuser.disabledtext ? "bz_inactive missing" : "missing") %] + [% overrides.realname.push({ + match_value => "$thisuser.login_name" + match_field => 'login_name' + content => "missing" + override_content => 1 + class => "$classes" + override_class => 1 }) + %] [% END %] + [% IF thisuser.disabledtext %] - [% thisuser.login_name = "<span class=\"bz_inactive\">$thisuser.login_name</span>" %] - [% thisuser.realname = "<span class=\"bz_inactive\">$thisuser.realname</span>" %] + [% overrides.login_name.push({ + match_value => "$thisuser.login_name" + match_field => 'login_name' + class => "bz_inactive" + override_class => 1 }) + %] + + [% overrides.realname.push({ + match_value => "$thisuser.login_name" + match_field => 'login_name' + class => "bz_inactive" + override_class => 1 }) + %] [% END %] [% END %] @@ -89,6 +102,7 @@ [% PROCESS admin/table.html.tmpl columns = columns data = users + overrides = overrides %] <p> diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index eb3aea2e4..812abb075 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -526,7 +526,7 @@ function handleWantsAttachment(wants_attachment) { <input type="checkbox" id="bit-[% g.bit %]" name="bit-[% g.bit %]" value="1" [% " checked=\"checked\"" IF g.checked %]> - <label for="bit-[% g.bit %]">[% g.description %]</label><br> + <label for="bit-[% g.bit %]">[% g.description FILTER html_light %]</label><br> [% END %] <br> [% END %] diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index c93d08c2b..12fcb05c8 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -198,7 +198,7 @@ <td> [% get_resolution(bug.resolution) FILTER html %] [% IF bug.resolution == "DUPLICATE" %] - of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) %] + of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) FILTER none %] [% END %] </td> </tr> @@ -619,7 +619,7 @@ name="bit-[% group.bit %]" id="bit-[% group.bit %]" [% " checked=\"checked\"" IF group.ison %] [% " disabled=\"disabled\"" IF NOT group.ingroup %]> - <label for="bit-[% group.bit %]">[% group.description %]</label> + <label for="bit-[% group.bit %]">[% group.description FILTER html_light %]</label> <br> [% END %] [% END %] @@ -683,7 +683,7 @@ </th> <td> [% FOREACH depbug = bug.${dep.fieldname} %] - [% depbug FILTER bug_link(depbug) %][% " " %] + [% depbug FILTER bug_link(depbug) FILTER none %][% " " %] [% END %] </td> <td> diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index 2ebb3a21a..e3d38c022 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl @@ -303,7 +303,7 @@ <th>[% terms.Bug %] [%+ field_descs.${name} FILTER html %]:</th> <td> [% FOREACH depbug = bug.${name} %] - [% depbug FILTER bug_link(depbug) %][% ", " IF not loop.last() %] + [% depbug FILTER bug_link(depbug) FILTER none %][% ", " IF not loop.last() %] [% END %] </td> diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 70a4d28d0..c03704e72 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -112,7 +112,6 @@ ], 'reports/keywords.html.tmpl' => [ - 'keyword.description', 'keyword.bug_count', ], @@ -189,16 +188,10 @@ 'list/edit-multiple.html.tmpl' => [ 'group.id', - 'group.description', - 'group.description FILTER inactive', 'knum', 'menuname', ], -'list/list-simple.html.tmpl' => [ - 'title', -], - 'list/list.rdf.tmpl' => [ 'template_version', 'bug.bug_id', @@ -225,10 +218,6 @@ 'h.html', ], -'global/choose-classification.html.tmpl' => [ - 'class.description', -], - 'global/choose-product.html.tmpl' => [ 'target', ], @@ -314,13 +303,10 @@ 'bug.bug_id', 'bug.votes', 'group.bit', - 'group.description', 'dep.title', 'dep.fieldname', 'bug.${dep.fieldname}.join(\', \')', 'selname', - 'depbug FILTER bug_link(depbug)', - '"${bug.dup_id}" FILTER bug_link(bug.dup_id)', '" accesskey=\"$accesskey\"" IF accesskey', 'inputname', '" colspan=\"$colspan\"" IF $colspan', @@ -342,7 +328,6 @@ 'bug/show-multiple.html.tmpl' => [ 'bug.bug_id', - 'depbug FILTER bug_link(depbug)', 'attachment.id', 'flag.status', ], @@ -402,7 +387,6 @@ 'bug/create/create.html.tmpl' => [ 'g.bit', - 'g.description', 'sel.name', 'sel.description', 'cloned_bug_id', @@ -484,10 +468,6 @@ 'link_uri' ], -'admin/classifications/select.html.tmpl' => [ - 'cl.description', -], - 'admin/products/groupcontrol/confirm-edit.html.tmpl' => [ 'group.count', ], @@ -572,11 +552,6 @@ 'comp.bug_count' ], -'admin/settings/edit.html.tmpl' => [ - 'name', - 'checkbox_name' -], - 'account/login.html.tmpl' => [ 'target', ], @@ -587,11 +562,6 @@ 'prefname', ], -'account/prefs/permissions.html.tmpl' => [ - 'bit_description.name', - 'bit_description.desc', -], - 'account/prefs/prefs.html.tmpl' => [ 'current_tab.label', 'current_tab.name', @@ -601,9 +571,4 @@ 'group.id', ], -'account/prefs/settings.html.tmpl' => [ - 'name', - 'default_name' -], - ); diff --git a/template/en/default/global/choose-classification.html.tmpl b/template/en/default/global/choose-classification.html.tmpl index 0a14fe44e..df0c37911 100644 --- a/template/en/default/global/choose-classification.html.tmpl +++ b/template/en/default/global/choose-classification.html.tmpl @@ -54,7 +54,7 @@ </th> [% IF class.description %] - <td valign="top"> [% class.description %]</td> + <td valign="top"> [% class.description FILTER html_light %]</td> [% END %] </tr> [% END %] diff --git a/template/en/default/global/choose-product.html.tmpl b/template/en/default/global/choose-product.html.tmpl index 346a53751..da47332c2 100644 --- a/template/en/default/global/choose-product.html.tmpl +++ b/template/en/default/global/choose-product.html.tmpl @@ -51,7 +51,7 @@ [% p.name FILTER html %]</a>: </th> - <td valign="top">[% p.description FILTER none %]</td> + <td valign="top">[% p.description FILTER html_light %]</td> </tr> [% END %] diff --git a/template/en/default/list/edit-multiple.html.tmpl b/template/en/default/list/edit-multiple.html.tmpl index cf57bb651..38e4e930f 100644 --- a/template/en/default/list/edit-multiple.html.tmpl +++ b/template/en/default/list/edit-multiple.html.tmpl @@ -256,11 +256,8 @@ [% END %] <td> - [% IF group.isactive %] - [% group.description %] - [% ELSE %] - [% group.description FILTER inactive %] - [% END %] + [% SET inactive = !group.isactive %] + [% group.description FILTER html_light FILTER inactive(inactive) %] </td> </tr> diff --git a/template/en/default/list/list-simple.html.tmpl b/template/en/default/list/list-simple.html.tmpl index 9cdc1bed9..8494baf60 100644 --- a/template/en/default/list/list-simple.html.tmpl +++ b/template/en/default/list/list-simple.html.tmpl @@ -30,8 +30,6 @@ [%############################################################################%] [% DEFAULT title = "$terms.Bug List" %] -[% title = title FILTER html %] - [%############################################################################%] [%# Bug Table #%] @@ -40,7 +38,7 @@ <html> <head> - <title>[% title %]</title> + <title>[% title FILTER html %]</title> <base href="[% Param("urlbase") %]"> <link href="skins/standard/buglist.css" rel="stylesheet" type="text/css"> </head> diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl index 1e9065a78..d135a7ef8 100644 --- a/template/en/default/reports/components.html.tmpl +++ b/template/en/default/reports/components.html.tmpl @@ -36,7 +36,7 @@ [% END %] <p> - [% product.description FILTER none %] + [% product.description FILTER html_light %] </p> <table> @@ -87,7 +87,7 @@ </tr> <tr> <td colspan="[% numcols - 1 %]"> - [% comp.description FILTER none %] + [% comp.description FILTER html_light %] </td> </tr> [% END %] diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl index 979c50163..1a0ae0bf5 100644 --- a/template/en/default/reports/keywords.html.tmpl +++ b/template/en/default/reports/keywords.html.tmpl @@ -24,7 +24,7 @@ # keywords: array keyword objects. May be empty. Each has has four members: # id: id of the keyword # name: the name of the keyword - # description: keyword description. May be HTML. + # description: keyword description. Can contain some limited HTML code. # bug_count: number of bugs with that keyword # caneditkeywords: boolean. True if this user can edit keywords %] @@ -55,7 +55,7 @@ <a name="[% keyword.name FILTER html %]"> [% keyword.name FILTER html %]</a> </th> - <td>[% keyword.description %]</td> + <td>[% keyword.description FILTER html_light %]</td> <td align="center"> [% IF keyword.bug_count > 0 %] <a href="buglist.cgi?keywords=[% keyword.name FILTER url_quote %]&resolution=---"> |