Changeset 447 for trunk/packages/sipb-xen-www/code/templates/list.tmpl

Timestamp:

Apr 22, 2008, 1:37:50 AM (16 years ago)

Author:

ecprice

Message:

Avoid html injection.

Cheetah is painful.

File:

• trunk/packages/sipb-xen-www/code/templates/list.tmpl (modified) (6 diffs)

trunk/packages/sipb-xen-www/code/templates/list.tmpl

@@ -20 +20 @@
     <input type="hidden" name="back" value="list"/>
       <table>
+#filter None
       $errorRow('create', $err)
+#end filter
         <tr>
           <td>Name</td>
           <td><input type="text" name="name" value="$defaults.name"/></td>
         </tr>
+#filter None
 $errorRow('name', $err)
+#end filter
         <tr>
           <td>Memory</td>
           <td><input type="text" name="memory" value="$defaults.memory" size=3/> MiB ($max_memory max)</td>
         </tr>
+#filter None
 $errorRow('memory', $err)
+#end filter
         <tr>
           <td>Disk</td>
           <td><input type="text" name="disk" value="$defaults.disk" size=3/> GiB (${"%0.1f" % ($max_disk-0.05)} max)</td>
         </tr>
+#filter None
 $errorRow('disk', $err)
+#end filter
         <tr>
-          <td>HVM/ParaVM$helppopup('hvm_paravm')</td>
-          <td>$vmTypeList($defaults.type)</td>
+          <td>HVM/ParaVM#slurp
+#filter None
+$helppopup('hvm_paravm')#slurp
+#end filter
+</td>
+          <td>
+#filter None
+$vmTypeList($defaults.type)
+#end filter
+</td>
         </tr>
+#filter None
 $errorRow('vmtype', $err)
+#end filter
         <tr>
-          <td>Autoinstall$helppopup('autoinstall')</td>
-          <td><input type="radio" name="cd_or_auto" id="cd_or_auto_auto">$autoList($defaults.cdrom, "document.getElementById('cd_or_auto_auto').checked = true;document.getElementById('cdromlist').value = ''")
+          <td>Autoinstall#slurp
+#filter None
+$helppopup('autoinstall')#slurp
+#end filter
+</td>
+          <td><input type="radio" name="cd_or_auto" id="cd_or_auto_auto">
+#filter None
+$autoList($defaults.cdrom, "document.getElementById('cd_or_auto_auto').checked = true;document.getElementById('cdromlist').value = ''")
               (experimental; 1-2 minutes, and you have a machine; root pw is 'password'.)
+#end filter
           </input>
         </tr>
         <tr>
           <td>Boot CD</td>
-          <td><input type="radio" name="cd_or_auto" id="cd_or_auto_cd" checked>$cdromList($defaults.cdrom, "document.getElementById('cd_or_auto_cd').checked = true;document.getElementById('autoinstalllist').value = ''")</td>
+          <td><input type="radio" name="cd_or_auto" id="cd_or_auto_cd" checked>
+#filter None
+$cdromList($defaults.cdrom, "document.getElementById('cd_or_auto_cd').checked = true;document.getElementById('autoinstalllist').value = ''")
+#end filter
+</td>
           </input>
         </tr>
@@ -58 +87 @@
           <td><input type="text" name="owner" value="$defaults.owner"/></td>
         </tr>
+#filter None
         $errorRow('owner', $err)
+#end filter
       </table>
       <input type="submit" class="button" value="Create it!"/>
@@ -86 +117 @@
 <a href="vnc?machine_id=$machine.machine_id">Console</a>#slurp
 #else if $has_vnc[$machine] != 'Off'
+#filter None
 $has_vnc[$machine]
+#end filter
 #end if
 </td>
@@ -107 +140 @@
         <th>Name</th>
         <th>Memory</th>
-        <th>Owner$helppopup('owner')</th>
-        <th>Administrator$helppopup('administrator')</th>
+        <th>Owner#slurp
+#filter None
+$helppopup('owner')#slurp
+#end filter
+</th>
+        <th>Administrator#slurp
+#filter None
+$helppopup('administrator')#slurp
+#end filter
+</th>
         <th>IP</th>
         <th>Uptime</th>
@@ -115 +156 @@
       </tr>
       #for $machine in $machines:
+    #filter None
         $machineRow($machine)
+    #end filter
       #end for
     </table>
@@ -128 +171 @@
     <p><a href="list">refresh</a></p>
     <div id="machinelist">
+    #filter None
     $machineList($machines)
+    #end filter
     </div>
+#filter None
 $createForm()
+#end filter
 #end def