From 524d7811c8ba66b1756a1f599dd894e04c6b8cf9 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <kimble.mandel@gmail.com>
Date: Mon, 27 Jan 2014 11:00:28 +0100
Subject: explicitly mark a string as safe HTML with |safe

---
 pyaggr3g470r/templates/article.html   | 2 +-
 pyaggr3g470r/templates/articles.html  | 6 +++---
 pyaggr3g470r/templates/favorites.html | 6 +++---
 pyaggr3g470r/templates/home.html      | 6 +++---
 pyaggr3g470r/templates/search.html    | 6 +++---
 pyaggr3g470r/templates/unread.html    | 6 +++---
 pyaggr3g470r/views.py                 | 4 ++--
 7 files changed, 18 insertions(+), 18 deletions(-)

(limited to 'pyaggr3g470r')

diff --git a/pyaggr3g470r/templates/article.html b/pyaggr3g470r/templates/article.html
index 8d4c2695..54c9b9a2 100644
--- a/pyaggr3g470r/templates/article.html
+++ b/pyaggr3g470r/templates/article.html
@@ -6,7 +6,7 @@
 {% block content %}
 <div class="container">
     <div class="jumbotron">
-        <h2><a href="{{ article.link  }}">{{ article.title }}</a></h2>
+        <h2><a href="{{ article.link  }}">{{ article.title|safe }}</a></h2>
         <a href="/delete/{{ article.id }}"><i class="glyphicon glyphicon-remove" title="Delete this article"></i></a>
         {% if article.like %}
             <a href="/like/{{ article.id }}"><i class="glyphicon glyphicon-star" title="One of your favorites"></i></a>
diff --git a/pyaggr3g470r/templates/articles.html b/pyaggr3g470r/templates/articles.html
index f462f28b..eb4701d7 100644
--- a/pyaggr3g470r/templates/articles.html
+++ b/pyaggr3g470r/templates/articles.html
@@ -2,7 +2,7 @@
 {% block content %}
 <div class="container">
     <div class="jumbotron">
-        <h2><a href="{{ feed.site_link  }}">{{ feed.title }}</a></h2>
+        <h2><a href="{{ feed.site_link  }}">{{ feed.title|safe }}</a></h2>
         <a href="/feed/{{ feed.oid }}"><i class="glyphicon glyphicon-info-sign" title="Details"></i></a>
         <a href="/edit_feed/{{ feed.oid }}"><i class="glyphicon glyphicon-edit" title="Edit this feed"></i></a>
         <h3>{{ feed.articles|count  }} articles.</h3>
@@ -15,7 +15,7 @@
                 {% for n in range(number, number+3) %}
                 <div class="col-xs-6 col-sm-4 col-md-4">
                     {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                        <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                        <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                     {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                     <h6>{{ feed.articles[n].date }}</h6>
                 </div>
@@ -27,7 +27,7 @@
                  {% for n in range(feed.articles|length-(feed.articles|length % 3), feed.articles|length) %}
                     <div class="col-xs-6 col-sm-4 col-md-4">
                         {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                         {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                         <h6>{{ feed.articles[n].date }}</h6>
                     </div>
diff --git a/pyaggr3g470r/templates/favorites.html b/pyaggr3g470r/templates/favorites.html
index 1c8991f3..fb0b3220 100644
--- a/pyaggr3g470r/templates/favorites.html
+++ b/pyaggr3g470r/templates/favorites.html
@@ -7,7 +7,7 @@
         {% for feed in feeds|sort(attribute="title") %}
             <div class="row">
                 <div class="col-md-6 col-md-offset-3">
-                <h1>{{ feed.title }}</h1>
+                <h1>{{ feed.title|safe }}</h1>
                 <a href="/articles/{{ feed.oid }}"><i class="glyphicon glyphicon-th-list" title="All articles"></i></a>
                 <a href="/feed/{{ feed.oid }}"><i class="glyphicon glyphicon-info-sign" title="Details"></i></a>
                 <a href="/edit_feed/{{ feed.oid }}"><i class="glyphicon glyphicon-edit" title="Edit this feed"></i></a>
@@ -18,7 +18,7 @@
                     {% for n in range(number, number+3) %}
                     <div class="col-xs-6 col-sm-4 col-md-4">
                         {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                         {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                         <h6>{{ feed.articles[n].date }}</h6>
                     </div>
@@ -30,7 +30,7 @@
                      {% for n in range(feed.articles|length-(feed.articles|length % 3), feed.articles|length) %}
                         <div class="col-xs-6 col-sm-4 col-md-4">
                             {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                             {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                             <h6>{{ feed.articles[n].date }}</h6>
                         </div>
diff --git a/pyaggr3g470r/templates/home.html b/pyaggr3g470r/templates/home.html
index ed19c5c9..ad6eb426 100644
--- a/pyaggr3g470r/templates/home.html
+++ b/pyaggr3g470r/templates/home.html
@@ -7,7 +7,7 @@
         {% for feed in feeds|sort(attribute="title") %}
             <div class="row">
                 <div class="col-md-6 col-md-offset-3">
-                <h1>{{ feed.title }}</h1>
+                <h1>{{ feed.title|safe }}</h1>
                 <a href="/articles/{{ feed.oid }}"><i class="glyphicon glyphicon-th-list" title="All articles"></i></a>
                 <a href="/feed/{{ feed.oid }}"><i class="glyphicon glyphicon-info-sign" title="Details"></i></a>
                 <a href="/edit_feed/{{ feed.oid }}"><i class="glyphicon glyphicon-edit" title="Edit this feed"></i></a>
@@ -21,7 +21,7 @@
                     {% for n in range(number, number+3) %}
                     <div class="col-xs-6 col-sm-4 col-md-4">
                         {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                         {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                         <h6>{{ feed.articles[n].date }}</h6>
                     </div>
@@ -33,7 +33,7 @@
                     {% for n in range(feed.articles|length-(feed.articles|length % 3), feed.articles|length) %}
                         <div class="col-xs-6 col-sm-4 col-md-4">
                             {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                             {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                             <h6>{{ feed.articles[n].date }}</h6>
                         </div>
diff --git a/pyaggr3g470r/templates/search.html b/pyaggr3g470r/templates/search.html
index c89e2d90..8ae38811 100644
--- a/pyaggr3g470r/templates/search.html
+++ b/pyaggr3g470r/templates/search.html
@@ -8,7 +8,7 @@
         {% for feed in feeds|sort(attribute="title") %}
             <div class="row">
                 <div class="col-md-6 col-md-offset-3">
-                <h1>{{ feed.title }}</h1>
+                <h1>{{ feed.title|safe }}</h1>
                 <a href="/articles/{{ feed.oid }}"><i class="glyphicon glyphicon-th-list" title="All articles"></i></a>
                 <a href="/feed/{{ feed.oid }}"><i class="glyphicon glyphicon-info-sign" title="Details"></i></a>
                 <a href="/edit_feed/{{ feed.oid }}"><i class="glyphicon glyphicon-edit" title="Edit this feed"></i></a>
@@ -19,7 +19,7 @@
                     {% for n in range(number, number+3) %}
                     <div class="col-xs-6 col-sm-4 col-md-4">
                         {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                         {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                         <h6>{{ feed.articles[n].date }}</h6>
                     </div>
@@ -31,7 +31,7 @@
                      {% for n in range(feed.articles|length-(feed.articles|length % 3), feed.articles|length) %}
                         <div class="col-xs-6 col-sm-4 col-md-4">
                             {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                             {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                             <h6>{{ feed.articles[n].date }}</h6>
                         </div>
diff --git a/pyaggr3g470r/templates/unread.html b/pyaggr3g470r/templates/unread.html
index 25cfb79c..ed6aae19 100644
--- a/pyaggr3g470r/templates/unread.html
+++ b/pyaggr3g470r/templates/unread.html
@@ -7,7 +7,7 @@
         {% for feed in feeds|sort(attribute="title") %}
             <div class="row">
                 <div class="col-md-6 col-md-offset-3">
-                <h1>{{ feed.title }}</h1>
+                <h1>{{ feed.title|safe }}</h1>
                 <a href="/articles/{{ feed.oid }}"><i class="glyphicon glyphicon-th-list" title="All articles"></i></a>
                 <a href="/feed/{{ feed.oid }}"><i class="glyphicon glyphicon-info-sign" title="Details"></i></a>
                 <a href="/edit_feed/{{ feed.oid }}"><i class="glyphicon glyphicon-edit" title="Edit this feed"></i></a>
@@ -19,7 +19,7 @@
                     {% for n in range(number, number+3) %}
                     <div class="col-xs-6 col-sm-4 col-md-4">
                         {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                            <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                         {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                         <h6>{{ feed.articles[n].date }}</h6>
                     </div>
@@ -31,7 +31,7 @@
                     {% for n in range(feed.articles|length-(feed.articles|length % 3), feed.articles|length) %}
                         <div class="col-xs-6 col-sm-4 col-md-4">
                             {% if feed.articles[n].readed %}<h3>{% else %}<h1>{% endif %}
-                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title }}</a>
+                                <a href="/article/{{ feed.articles[n].id }}">{{ feed.articles[n].title|safe }}</a>
                             {% if feed.articles[n].readed %}</h3>{% else %}</h1>{% endif %}
                             <h6>{{ feed.articles[n].date }}</h6>
                         </div>
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index 5e68febb..e2832500 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -160,7 +160,7 @@ def feed(feed_id=None):
                 average = 0
             elapsed = today - last_article
 
-            return render_template('feed.html', head_title=feed.title, feed=feed, tag_cloud=tag_cloud, \
+            return render_template('feed.html', head_title=utils.clear_string(feed.title), feed=feed, tag_cloud=tag_cloud, \
                                    first_post_date=first_article, end_post_date=last_article , \
                                    average=average, delta=delta, elapsed=elapsed)
 
@@ -175,7 +175,7 @@ def article(article_id=None):
     if not article.readed:
         article.readed = True
         article.save()
-    return render_template('article.html', head_title=article.title, article=article)
+    return render_template('article.html', head_title=utils.clear_string(article.title), article=article)
 
 @app.route('/mark_as_read/', methods=['GET'])
 @login_required
-- 
cgit