Timestamp:
Apr 22, 2008, 1:37:50 AM (17 years ago)
Author:
ecprice
Message:

Avoid html injection.

Cheetah is painful.

File:
1 edited

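--- a/trunk/packages/sipb-xen-www/code/templates/info.tmpl
+++ b/trunk/packages/sipb-xen-www/code/templates/info.tmpl
@@ -41,5 +41,9 @@
         #end if
       <td>Boot CD:</td>
-      <td>$cdromList()</td>
+      <td>#slurp
+#filter None
+$cdromList()#slurp
+#end filter
+</td>
   </tr>
     <tr>
@@ -62,25 +66,55 @@
   <input type="hidden" name="machine_id" value="$defaults.machine_id"/>
   <table>
-    <tr><td>Owner${helppopup("owner")}:</td><td><input type="text" name="owner", value="$defaults.owner"/></td></tr>
+    <tr><td>Owner#slurp
+#filter None
+$helppopup("owner")#slurp
+#end filter
+:</td><td><input type="text" name="owner", value="$defaults.owner"/></td></tr>
+#filter None
 $errorRow('owner', $err)
-    <tr><td>Administrator${helppopup("administrator")}:</td><td><input type="text" name="administrator", value="$defaults.administrator"/></td></tr>
+#end filter
+    <tr><td>Administrator#slurp
+#filter None
+$helppopup("administrator")#slurp
+#end filter
+:</td><td><input type="text" name="administrator", value="$defaults.administrator"/></td></tr>
+#filter None
 $errorRow('administrator', $err)
+#end filter
     <tr><td>Contact email:</td><td><input type="text" name="contact" value="$defaults.contact"/></td></tr>
+#filter None
 $errorRow('contact', $err)
+#end filter
 #if not $on
     <tr><td>Machine Name:</td><td><input type="text" name="name" value="$defaults.name"/></td></tr>
+#filter None
 $errorRow('name', $err)
+#end filter
     <tr>
-      <td>HVM/ParaVM$helppopup('hvm_paravm')</td>
-      <td>$vmTypeList($defaults.type)</td>
+      <td>HVM/ParaVM#slurp
+#filter None
+$helppopup('hvm_paravm')#slurp
+#end filter
+</td>
+      <td>#slurp
+#filter None
+$vmTypeList($defaults.type)#slurp
+#end filter
+</td>
     </tr>
     <tr><td>Ram:</td><td><input type="text" size=3 name="memory" value="$defaults.memory"/>MiB (max $max_mem)</td></tr>
+#filter None
 $errorRow('memory', $err)
+#end filter
     <tr><td>Disk:</td><td><input type="text" size=3 name="disk" value="$defaults.disk"/>GiB (max $max_disk)</td><td>WARNING: Modifying disk size may corrupt your data.</td></tr>
+#filter None
 $errorRow('disk', $err)
+#end filter
 #else
+#filter None
 $errorRow('name', $err)
 $errorRow('memory', $err)
 $errorRow('disk', $err)
+#end filter
 #end if
     <tr><td><input type="submit" class="button" name="action" value="Change"/></td></tr>
@@ -91,14 +125,20 @@
 #def body
 <div id="info">
+#filter None
   $infoTable()
+#end filter
 </div>
 
 <h2>Commands</h2>
 <div id="commands">
+#filter None
   $commands()
+#end filter
 </div>
 <h2>Settings</h2>
 <div id="modify">
+#filter None
   $modifyForm()
+#end filter
 </div>
 #end def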
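Review bot: The `#filter None` blocks in `body` (new lines 127–142) wrap whole calls to `$infoTable()`, `$commands()` and `$modifyForm()`, and it is worth confirming that this does not also switch off escaping for the placeholders inside those `#def`s, such as `value="$defaults.owner"` in the settings form. As far as I recall, Cheetah keeps the current filter as instance state that a called method picks up on entry, so the inner `$defaults.*` values could end up rendered raw; the escaping default itself is set outside this file section, so this is inferred rather than visible here. A render test with a `"` and a `<` in the owner field would settle it either way. Separately, every helper now emitted unfiltered (`$errorRow`, `$helppopup`, `$cdromList`, `$vmTypeList`) has to escape its own arguments, which deserves a comment at the top of the template, e.g. `## Calls inside "#filter None" emit trusted HTML; those helpers must escape their own data`.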