Ticket #7497: trac_7497-escape_view_edit_attached.patch

File trac_7497-escape_view_edit_attached.patch, 1.1 KB (added by mpatel, 12 years ago)

Escape data file content placed in view/edit window. sagenb repo.

  • sagenb/data/sage/html/notebook/download_or_delete_datafile.html

    # HG changeset patch
    # User Mitesh Patel <qed777@gmail.com>
    # Date 1262394413 28800
    # Node ID 4f454c5461b825be1dee936224f03fa90cc1e436
    # Parent  5308696711872cfad91f98be4313242f3a83f536
    #7497/sagenb: Escape data file contents in view/edit window
    
    diff --git a/sagenb/data/sage/html/notebook/download_or_delete_datafile.html b/sagenb/data/sage/html/notebook/download_or_delete_datafile.html
    a b INPUT: 
    3232{% elif file_is_text %}
    3333<form method="post" action="savedatafile" enctype="multipart/form-data">
    3434    <input type="submit" value="Save Changes" name="button_save" /> <input type="submit" value="Cancel" name="button_cancel" style="display:block" />
    35     <textarea class="edit" name="textfield" rows=17 cols=70 id="textfield">{{ text_file_content }}</textarea>
     35    <textarea class="edit" name="textfield" rows=17 cols=70 id="textfield">{{ text_file_content|e }}</textarea>
    3636    <input type="hidden" name="filename" value="{{ filename_ }}" id="filename" />
    3737</form>
    3838{% endif %}