Changeset - 14abe07a4a8b
0 10 0
Ben Sturmfels (bsturmfels) - 2 years ago 2021-12-17 10:55:47
Remove unnecessary use of "safe" template tag.

This tag marks a variable as not requiring escaping by the template engine,
potentially creating cross-site scripting vulnerabilities, so it shouldn't be used
unless absolutely necessary. In these cases, I don't think it is.
10 files changed with 14 insertions and 14 deletions:
{% extends "base_blog.html" %}

{% block head %}
{% include "opengraph_partial.html" with url=object.get_absolute_url title=object.headline description=object.get_description %}
{% include "opengraph_urllist_partial.html" with property='image' urls=object.get_one_image_url fallback='/img/conservancy-logo.png' %}
{% include "opengraph_urllist_partial.html" with property='video' urls=object.get_one_video_url %}
{% endblock %}

{% block subtitle %}{{ object.headline|striptags|safe }} - Conservancy Blog - {% endblock %}
{% block subtitle %}{{ object.headline|striptags }} - Conservancy Blog - {% endblock %}

{% block content %}
<div class="breadcrumbs">
  <p><a href="/">Home</a> / <a href="/news/">News</a> / <a href="/blog/">Blog</a></p>

{% include "blog/entry_partial.html" with entry=object htag="h2" only %}

<p class="blog-comments">Please email any comments on this entry to
  <a href=""></a>.</p>

<p><span class="continued"><a href="/blog/">Other Conservancy Blog entries&hellip;</a></span></p>

{% endblock %}
@@ -5,33 +5,33 @@ This partial requires these parameters:
* `entry`: The BlogEntry object to render.

This partial accepts these optional parameters:

* `show`: How much of the BlogEntry to render.  Accepted values are
  "headline", "dateline", "summary", "summary+tags", and "body".
  Every value will render the parts listed before it, except "body"
  doesn't include "summary".  Default "body".
* `htag`: Name of the HTML tag to render the entry headline.  Default "h3".

{% endcomment %}

<div class="blog-entry">

<{{ htag|default:"h3" }} class="clear"
  >{% if show|default:"body" != "body" %}<a href="{{ entry.get_absolute_url }}"
  >{% endif %}{{ entry.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
  >{% endif %}{{ entry.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>

{% if show != "headline" %}
<p class="date">by <span class="author">{{ }}</span>
  on {{ entry.pub_date|date:"F j, Y" }}

{% if show != "dateline" %}

{% if show|default:"body" == "body" %}
{{ entry.body|safe }}
{% else %}
{{ entry.summary|safe }}
{% endif %}

{% if show|default:"body" != "body" %}
<p><a class="continued" href="{{ entry.get_absolute_url }}">Read More&hellip;</a></p>
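Review bot: `{{ entry.body|safe }}` and `{{ entry.summary|safe }}` near the bottom of this hunk are still emitted without escaping, so after this change they are the only remaining unescaped output in the partial, and the `{% comment %}` header above does not say why they are trusted. Presumably body and summary are stored HTML authored by staff in the admin; if so, record that next to the `show`/`htag` parameter docs, e.g. `* body and summary hold staff-authored HTML and are rendered with |safe on purpose; never populate them from user-submitted text.`, so the next maintainer neither "fixes" the `|safe` nor starts filling those fields from a form. If they can come from anything less trusted, sanitize on save rather than relying on the template. The `{% if show != "headline" %}` and `{% if show != "dateline" %}` blocks opened here close outside the hunk, and the partial's header comment starts above it.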
{{ obj.headline|striptags|safe }}
{{ obj.headline|striptags }}
{% if obj.subhead %}<p><strong>{{ obj.subhead|safe }}</strong></p>{% endif %}
{% if obj.subhead %}<p><strong>{{ obj.subhead }}</strong></p>{% endif %}
{{ obj.summary|safe }}
{{ obj.body|safe }}
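Review bot: `{{ obj.summary|safe }}` and `{{ obj.body|safe }}` on the two lines after the subhead still bypass autoescaping, and nothing in the hunk records why subhead no longer needs `|safe` while these two do. A one-line `{# summary/body are staff-authored HTML; rendered unescaped intentionally #}` above them would make that decision explicit for whoever next audits `|safe` usage. The enclosing template is not visible in this hunk.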
{{ obj.headline|striptags|safe }}
{{ obj.headline|striptags }}
@@ -91,32 +91,32 @@ strategies that defend FOSS (such as copyleft). <a href="/about" class="orange">

    <h2 class="f6 ttu mt2 mb1">RSS feed</h2>
    <div class="ml2">
      <a href="/feeds/omnibus" class="mr2"><svg class="orange" style="width: 30px; height: 30px;"><use href="{% static 'img/font_awesome.svg#rss-square' %}"></use></svg></a>

    <h2 class="f6 ttu mt2 mb1">Follow us</h2>
    <div class="ml2">
      {% include 'socials_partial.html' %}

<!-- <h2>Support Conservancy</h2>
     <p>As a 501(c)(3) non-profit charity, Conservancy relies on
     charitable donations for its operations.
     Please join {{supporters_count|safe}} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
     Please join {{ supporters_count }} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
     today</strong></a> and/or <a href="/donate/">donate generously</a> to help our work!

     <h2>Learn More about Conservancy</h2>
     <span class="continued"><a href="/about/">An Overview of Conservancy&hellip;</a></span>
     <span class="continued"><a href="/members/current/">Conservancy's current member projects&hellip;</a></span>
     <span class="continued"><a href="/members/services/">Services Conservancy provides to its member projects&hellip;</a></span>
     <span class="continued"><a href="/copyleft-compliance/">Conservancy's unique work  defending and upholding  copyleft licenses (e.g., the GPL) &hellip;</a></span>
     <span class="continued"><a href="/npoacct/">Conservancy's Non-Profit Accounting Project &hellip;</a></span>
     </p> -->
{% endblock %}
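Review bot: The edited `{{ supporters_count }}` sits inside an HTML comment (the `<!-- <h2>Support Conservancy</h2>` … `</p> -->` block), and Django evaluates template variables inside HTML comments, so the value is still rendered into every page's source even though the browser hides it. The `<!-- -->` therefore hides markup from visitors, not data from the response, and it also leaves commented-out markup in the template. If the block is dead, delete it or switch the wrapper to `{% comment %} … {% endcomment %}` so the engine skips it entirely; if it is meant to return, reinstate it rather than keeping it half-live.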
{% extends "base_news.html" %}

{% block head %}
{% include "opengraph_partial.html" with url=object.get_absolute_url title=object.headline description=object.get_description %}
{% include "opengraph_urllist_partial.html" with property='image' urls=object.get_one_image_url fallback='/img/conservancy-logo.png' %}
{% include "opengraph_urllist_partial.html" with property='video' urls=object.get_one_video_url %}
{% endblock %}

{% block subtitle %}{{ object.headline|striptags|safe }} - {% endblock %}
{% block subtitle %}{{ object.headline|striptags }} - {% endblock %}

{% block content %}

<div id="mainContent">
  <div class="breadcrumbs">
    <p><a href="/">Home</a> / <a href="/news/">News</a></p>
{% include "news/pressrelease_partial.html" with pressr=object htag="h2" only %}
{% endblock %}
@@ -6,39 +6,39 @@ This partial requires these parameters:

This partial accepts these optional parameters:

* `show`: How much of the PressRelease to render.  Accepted values are
  "headline", "dateline", "subhead", "summary", and "body".
  Every value will render the parts listed before it.  Default "body".
* `htag`: Name of the HTML tag to render the pressr headline.
  If you're passing show="subhead" or a greater detail level, this
  must be a headline tag h1 through h5, inclusive.  Default "h3".

{% endcomment %}

<div class="press-release">

<{{ htag|default:"h3" }} class="clear"
  >{% if show|default:"body" != "body" %}<a href="{{ pressr.get_absolute_url }}"
  >{% endif %}{{ pressr.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
  >{% endif %}{{ pressr.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>

{% if show != "headline" %}
{% if show != "dateline" and pressr.subhead %}
  {# This filter sequence generates the "next" hN tag from htag #}
  <h{{ htag|default:"3"|last|get_digit:1|add:1 }}
     >{{ pressr.subhead|safe }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
     >{{ pressr.subhead }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
{% endif %}

<p class="date">{{ pressr.pub_date|date:"F j, Y" }}</p>

{% if show != "dateline" and show != "subhead" %}
  {% if pressr.summary %}
    {{ pressr.summary|safe }}
  {% endif %}

  {% if pressr.body %}
    {% if show == "summary" %}
      <p><a class="continued" href="{{ pressr.get_absolute_url }}">Read More&hellip;</a></p>
    {% else %}
      {{ pressr.body|safe }}
    {% endif %}
  {% endif %}
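Review bot: `{{ pressr.summary|safe }}` and `{{ pressr.body|safe }}` remain unescaped while headline and subhead lose `|safe` in this hunk, so the partial now mixes escaped and trusted fields from the same PressRelease object with no stated rule. Presumably summary and body are staff-authored HTML from the admin; if so, add a line to the `{% comment %}` header such as `* summary and body are rendered with |safe because they hold staff-authored HTML; keep user-supplied text out of them.` The `{% if show != "headline" %}` block opened in this hunk closes outside it.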
@@ -23,22 +23,22 @@ normally shouldn't need to:
{% endcomment %}

{# This partial needs work before other cards besides "summary" are supported. #}
<meta property="twitter:card" content="summary">
<meta property="twitter:site" content="{{ twitter_site|default:"@conservancy" }}">

<meta property="og:type" content="{{ type|default:"website" }}">
<meta property="og:locale" content="{{ locale|default:"en_US" }}">
<meta property="og:site_name" content="{{ site_name|default:"Software Freedom Conservancy" }}">

{% if url %}
{% load fill_url %}
<meta property="og:url" content="{{ url|fill_url:host_url }}">
{% endif %}

{% if title %}
<meta property="og:title" content="{{ title|striptags|safe }}">
<meta property="og:title" content="{{ title|striptags }}">
{% endif %}

{% if description %}
<meta property="og:description" content="{{ description|striptags|safe }}">
<meta property="og:description" content="{{ description|striptags }}">
{% endif %}
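Review bot: With `|safe` gone, `og:title` and `og:description` get Django's default attribute escaping, which is what makes `striptags` acceptable here — Django documents that `striptags` makes no guarantee its output is HTML-safe, so it must never be paired with `|safe`. The remaining candidate in this partial is `{{ url|fill_url:host_url }}` on the `og:url` line: autoescape still applies unless the custom `fill_url` filter is registered with `is_safe=True` or returns `mark_safe()`, which this hunk does not show, so that is worth confirming since the value lands inside a double-quoted attribute. A header comment `{# every value here relies on autoescaping; do not add |safe to this partial #}` would keep that invariant visible.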
@@ -39,30 +39,30 @@ any of its sponsors.</p>

<!-- This section will be added when we have in-kind contributions -->

<!-- <h3>In-Kind Donation of Services</h3> -->

<!-- <p>Conservancy would also like to thank the following companies who have -->
<!--   donated services and/or resources in-kind to support Conservancy's -->
<!--   work.</p> -->

<!-- <ul> -->
<!-- </ul> -->

<p>Conservancy currently has {{supporters_count|safe}} Sustainers.
<p>Conservancy currently has {{ supporters_count }} Sustainers.
  Conservancy Sustainers are individuals (or small companies) who give $120
  or more annually as part of <a href="/sustainer/">the Official Conservancy
  Sustainer program</a>.  Those who request public acknowledgment are listed
  here in order by the date when they first joined the Sustainer program:</p>

<ul id="sustainers">
<li>Anonymous ({{anonymous_count|safe}} people)</li>
<li>Anonymous ({{ anonymous_count }} people)</li>
{% for ss in supporters %}
<li>{{ ss.display_name|safe }}</li>
<li>{{ ss.display_name }}</li>
{% endfor %}

{% endblock %}
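Review bot: `{{ ss.display_name }}` is the one value in this hunk that presumably originates from a donor rather than from staff (a Sustainer's chosen public name), making it the highest-value `|safe` removal in the commit, yet nothing pins the new behaviour. A short template test that renders this page with a supporter whose `display_name` is `<script>alert(1)</script>` and asserts the response contains `&lt;script&gt;` would stop the `|safe` from being reintroduced. `supporters_count` and `anonymous_count` are integers, so escaping them is a no-op and needs no further attention.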