Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1F5FF11D13 for ; Mon, 19 May 2014 16:31:00 +0000 (UTC) Received: (qmail 81365 invoked by uid 500); 19 May 2014 16:22:08 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 80906 invoked by uid 500); 19 May 2014 16:22:07 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 75913 invoked by uid 99); 19 May 2014 16:17:19 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 May 2014 16:17:19 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id A0CCB9878DD; Mon, 19 May 2014 16:17:19 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: garren@apache.org To: commits@couchdb.apache.org Date: Mon, 19 May 2014 16:17:41 -0000 Message-Id: In-Reply-To: <49fb1b4064d446ba9720e079b49bbd01@git.apache.org> References: <49fb1b4064d446ba9720e079b49bbd01@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [23/47] couchdb commit: updated refs/heads/Update-Sidebar-Ui to c173e52 Use <%- when interpolating XSS targets - I tried to not be super heavy handed, only using <%- for values that could be set with XSS payloads or otherwise come from a user/data. Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/5e638923 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/5e638923 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/5e638923 Branch: refs/heads/Update-Sidebar-Ui Commit: 5e63892323139c62fbb9194d3f287fb8e829f1cb Parents: 519a488 Author: Kyle Snavely Authored: Thu May 1 11:57:42 2014 -0400 Committer: Kyle Snavely Committed: Thu May 1 14:08:47 2014 -0400 ---------------------------------------------------------------------- src/fauxton/app/addons/auth/templates/nav_dropdown.html | 2 +- src/fauxton/app/addons/auth/templates/nav_link_title.html | 2 +- src/fauxton/app/addons/config/templates/item.html | 6 +++--- src/fauxton/app/addons/documents/templates/changes.html | 2 +- src/fauxton/app/addons/documents/templates/ddoc_info.html | 2 +- .../app/addons/documents/templates/delete_database_modal.html | 2 +- .../app/addons/documents/templates/design_doc_selector.html | 6 +++--- src/fauxton/app/addons/documents/templates/doc.html | 4 ++-- src/fauxton/app/addons/permissions/templates/section.html | 2 +- src/fauxton/app/addons/replication/templates/form.html | 2 +- src/fauxton/app/addons/replication/templates/progress.html | 4 ++-- 11 files changed, 17 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/5e638923/src/fauxton/app/addons/auth/templates/nav_dropdown.html ---------------------------------------------------------------------- diff --git a/src/fauxton/app/addons/auth/templates/nav_dropdown.html b/src/fauxton/app/addons/auth/templates/nav_dropdown.html index d61c24a..983b5f7 100644 --- a/src/fauxton/app/addons/auth/templates/nav_dropdown.html +++ b/src/fauxton/app/addons/auth/templates/nav_dropdown.html @@ -14,7 +14,7 @@ the License.
-

<%= user.name %>

+

<%- user.name %>