mirror of
https://github.com/TitanEmbeds/Titan.git
synced 2024-11-14 18:11:23 +01:00
Escape css and guild names in the frontend
This commit is contained in:
parent
b4e04a27c3
commit
eea94477ea
@ -18,7 +18,7 @@
|
||||
</div>
|
||||
<div class="col s7">
|
||||
<span class="black-text">
|
||||
<p class="flow-text truncate">{{ server.name }}</p>
|
||||
<p class="flow-text truncate">{{ server.name|e }}</p>
|
||||
<br>
|
||||
<a class="waves-effect waves-light btn" href="{{url_for('admin.administrate_guild', guild_id=server['guild_id'])}}">Modify</a>
|
||||
</span>
|
||||
|
@ -6,7 +6,7 @@
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<h1>Administrating: {{ guild['name'] }}</h1>
|
||||
<h1>Administrating: {{ guild['name']|e }}</h1>
|
||||
<p class="flow-text">For this server, you are allowed the following actions:
|
||||
{% for permission in permissions %}
|
||||
{{ permission }}
|
||||
|
@ -19,7 +19,7 @@
|
||||
</div>
|
||||
<div class="col s7">
|
||||
<span class="black-text">
|
||||
<p class="flow-text truncate">{{ server.name }}</p>
|
||||
<p class="flow-text truncate">{{ server.name|e }}</p>
|
||||
<br>
|
||||
<a class="waves-effect waves-light btn" href="{{url_for('user.administrate_guild', guild_id=server['id'])}}">Modify</a>
|
||||
</span>
|
||||
@ -56,7 +56,7 @@
|
||||
{% for css in css_list %}
|
||||
<div class="col l4 m6 s12">
|
||||
<div class="card-panel indigo lighten-5 z-depth-3 hoverable black-text">
|
||||
<p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name }}</p>
|
||||
<p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name|e }}</p>
|
||||
<a class="waves-effect waves-light btn" href="{{ url_for("user.edit_custom_css_get", css_id=css.id) }}">Modify</a>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -10,7 +10,7 @@
|
||||
<!--Let browser know website is optimized for mobile-->
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
|
||||
|
||||
<title>{{ title }} - Titan Embeds for Discord</title>
|
||||
<title>{{ title|e }} - Titan Embeds for Discord</title>
|
||||
|
||||
<!--Provide default mobile metadata-->
|
||||
<meta name="apple-mobile-web-app-title" content="Titan Embeds">
|
||||
|
@ -24,7 +24,7 @@
|
||||
{% endset %}
|
||||
|
||||
{% block content %}
|
||||
<h1>{% if new %}New{% else %}Editing {{ css.name }}{% endif %} - User Defined CSS</h1>
|
||||
<h1>{% if new %}New{% else %}Editing {{ css.name|e }}{% endif %} - User Defined CSS</h1>
|
||||
<p><strong>Note:</strong> This feature is only used for CSS. Any attempts to enter HTML or malicious CSS code
|
||||
will have CSS cosmetic privilages removed, if caught. Please don't, we check the databases often. Thanks!</p>
|
||||
|
||||
@ -46,7 +46,7 @@ will have CSS cosmetic privilages removed, if caught. Please don't, we check the
|
||||
<div class="row">
|
||||
<div class="col s12">
|
||||
<p class="flow-text">Give your CSS a name</p>
|
||||
<input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name }}"{% endif %}>
|
||||
<input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name|e }}"{% endif %}>
|
||||
<label for="css_name">Name</label>
|
||||
</div>
|
||||
{% if admin %}
|
||||
|
Loading…
Reference in New Issue
Block a user