website Changeset - 14abe07a4a8b · Conservancy Kallithea

Parent rev.

Child rev.

[Not reviewed]

0 10 0

Ben Sturmfels (bsturmfels) - 2 years ago 2021-12-17 10:55:47
ben@sturm.com.au

Remove unnecessary use of "safe" template tag.

This tag marks a variable as not requiring escaping by the template engine,
potentially creating cross-site scripting vulnerabilities, so shouldn't be used
unless absolutely necessary. In these cases, I don't think it's necessary.

10 files changed with 14 insertions and 14 deletions:

www/conservancy/templates/blog/entry_detail.html

www/conservancy/templates/blog/entry_partial.html

www/conservancy/templates/feeds/blog_title.html

www/conservancy/templates/feeds/news_description.html

www/conservancy/templates/feeds/news_title.html

www/conservancy/templates/frontpage.html

www/conservancy/templates/news/pressrelease_detail.html

www/conservancy/templates/news/pressrelease_partial.html

www/conservancy/templates/opengraph_partial.html

www/conservancy/templates/sponsors.html

0 comments (0 inline, 0 general)

www/conservancy/templates/blog/entry_detail.html

➞

Show inline comments

...		@@ -8,3 +8,3 @@

		{% block subtitle %}{{ object.headline\|striptags~~\|safe~~ }} - Conservancy Blog - {% endblock %}
		{% block subtitle %}{{ object.headline\|striptags }} - Conservancy Blog - {% endblock %}

www/conservancy/templates/blog/entry_partial.html

➞

Show inline comments

@@ ... / @@ -20,3 +20,3 @@ This partial accepts these optional parameters: @@
   >{% if show|default:"body" != "body" %}<a href="{{ entry.get_absolute_url }}"
-  >{% endif %}{{ entry.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
   >{% endif %}{{ entry.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>

www/conservancy/templates/feeds/blog_title.html

➞

Show inline comments

		{{ obj.headline\|striptags~~\|safe~~ }}
		{{ obj.headline\|striptags }}

www/conservancy/templates/feeds/news_description.html

➞

Show inline comments

-{% if obj.subhead %}<p><strong>{{ obj.subhead|safe }}</strong></p>{% endif %}
 {% if obj.subhead %}<p><strong>{{ obj.subhead }}</strong></p>{% endif %}
 {{ obj.summary|safe }}

www/conservancy/templates/feeds/news_title.html

➞

Show inline comments

		{{ obj.headline\|striptags~~\|safe~~ }}
		{{ obj.headline\|striptags }}

www/conservancy/templates/frontpage.html

➞

Show inline comments

@@ ... @@
      charitable donations for its operations.
-     Please join {{supporters_count|safe}} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
+     Please join {{ supporters_count }} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
      today</strong></a> and/or <a href="/donate/">donate generously</a> to help our work!

www/conservancy/templates/news/pressrelease_detail.html

➞

Show inline comments

...		@@ -8,3 +8,3 @@

		{% block subtitle %}{{ object.headline\|striptags~~\|safe~~ }} - {% endblock %}
		{% block subtitle %}{{ object.headline\|striptags }} - {% endblock %}

www/conservancy/templates/news/pressrelease_partial.html

➞

Show inline comments

@@ ... / @@ -21,3 +21,3 @@ This partial accepts these optional parameters: @@
   >{% if show|default:"body" != "body" %}<a href="{{ pressr.get_absolute_url }}"
-  >{% endif %}{{ pressr.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
   >{% endif %}{{ pressr.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
@@ ... / @@ -27,3 +27,3 @@ This partial accepts these optional parameters: @@
   <h{{ htag|default:"3"|last|get_digit:1|add:1 }}
-     >{{ pressr.subhead|safe }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
      >{{ pressr.subhead }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
 {% endif %}

www/conservancy/templates/opengraph_partial.html

➞

Show inline comments

@@ ... / @@ -38,3 +38,3 @@ normally shouldn't need to: @@
 {% if title %}
-<meta property="og:title" content="{{ title|striptags|safe }}">
 <meta property="og:title" content="{{ title|striptags }}">
 {% endif %}
@@ ... / @@ -42,3 +42,3 @@ normally shouldn't need to: @@
 {% if description %}
-<meta property="og:description" content="{{ description|striptags|safe }}">
 <meta property="og:description" content="{{ description|striptags }}">
 {% endif %}

www/conservancy/templates/sponsors.html

➞

Show inline comments

@@ ... / @@ -54,3 +54,3 @@ any of its sponsors.</p> @@
-<p>Conservancy currently has {{supporters_count|safe}} Sustainers.
+<p>Conservancy currently has {{ supporters_count }} Sustainers.
   Conservancy Sustainers are individuals (or small companies) who give $120
@@ ... / @@ -61,5 +61,5 @@ any of its sponsors.</p> @@
 <ul id="sustainers">
-<li>Anonymous ({{anonymous_count|safe}} people)</li>
+<li>Anonymous ({{ anonymous_count }} people)</li>
 {% for ss in supporters %}
-<li>{{ ss.display_name|safe }}</li>
 <li>{{ ss.display_name }}</li>
 {% endfor %}

0 comments (0 inline, 0 general)