Yadciel/Titan
1
0
Fork 0
mirror of https://github.com/TitanEmbeds/Titan.git synced 2025-11-03 23:37:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Escape css and guild names in the frontend

Browse Source
This commit is contained in:
Jeremy Zhang
2018-01-24 05:42:47 +00:00
parent b4e04a27c3
commit eea94477ea
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webapp/titanembeds/templates/admin_guilds.html.j2
View File

@@ -18,7 +18,7 @@
</div>
<div class="col s7">
<span class="black-text">
<p class="flow-text truncate">{{ server.name }}</p>
<p class="flow-text truncate">{{ server.name|e }}</p>
<br>
<a class="waves-effect waves-light btn" href="{{url_for('admin.administrate_guild', guild_id=server['guild_id'])}}">Modify</a>
</span>

2
webapp/titanembeds/templates/administrate_guild.html.j2
View File

@@ -6,7 +6,7 @@
{% endblock %}
{% block content %}
<h1>Administrating: {{ guild['name'] }}</h1>
<h1>Administrating: {{ guild['name']|e }}</h1>
<p class="flow-text">For this server, you are allowed the following actions:
{% for permission in permissions %}
{{ permission }}

4
webapp/titanembeds/templates/dashboard.html.j2
View File

@@ -19,7 +19,7 @@
</div>
<div class="col s7">
<span class="black-text">
<p class="flow-text truncate">{{ server.name }}</p>
<p class="flow-text truncate">{{ server.name|e }}</p>
<br>
<a class="waves-effect waves-light btn" href="{{url_for('user.administrate_guild', guild_id=server['id'])}}">Modify</a>
</span>
@@ -56,7 +56,7 @@
{% for css in css_list %}
<div class="col l4 m6 s12">
<div class="card-panel indigo lighten-5 z-depth-3 hoverable black-text">
<p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name }}</p>
<p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name|e }}</p>
<a class="waves-effect waves-light btn" href="{{ url_for("user.edit_custom_css_get", css_id=css.id) }}">Modify</a>
</div>
</div>

2
webapp/titanembeds/templates/site_layout.html.j2
View File

@@ -10,7 +10,7 @@
<!--Let browser know website is optimized for mobile-->
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<title>{{ title }} - Titan Embeds for Discord</title>
<title>{{ title|e }} - Titan Embeds for Discord</title>
<!--Provide default mobile metadata-->
<meta name="apple-mobile-web-app-title" content="Titan Embeds">

4
webapp/titanembeds/templates/usercss.html.j2
View File

@@ -24,7 +24,7 @@
{% endset %}
{% block content %}
<h1>{% if new %}New{% else %}Editing {{ css.name }}{% endif %} - User Defined CSS</h1>
<h1>{% if new %}New{% else %}Editing {{ css.name|e }}{% endif %} - User Defined CSS</h1>
<p><strong>Note:</strong> This feature is only used for CSS. Any attempts to enter HTML or malicious CSS code
will have CSS cosmetic privilages removed, if caught. Please don't, we check the databases often. Thanks!</p>
@@ -46,7 +46,7 @@ will have CSS cosmetic privilages removed, if caught. Please don't, we check the
<div class="row">
<div class="col s12">
<p class="flow-text">Give your CSS a name</p>
<input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name }}"{% endif %}>
<input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name|e }}"{% endif %}>
<label for="css_name">Name</label>
</div>
{% if admin %}