githaven-fork/templates/repo/wiki/view.tmpl
Unknwon 134f3e6e09 Security: prevent XSS attach on wiki page
Reported by Miguel Ángel Jimeno.
2017-02-16 04:06:20 +01:00

105 lines
3.8 KiB
Cheetah

{{template "base/head" .}}
<div class="repository wiki view">
{{template "repo/header" .}}
{{ $title := .title | Sanitize}}
<div class="ui container">
<div class="ui grid">
<div class="ui ten wide column">
<div class="choose page">
<div class="ui floating filter dropdown" data-no-results="{{.i18n.Tr "repo.pulls.no_results"}}">
<div class="ui basic small button">
<span class="text">
{{.i18n.Tr "repo.wiki.page"}}:
<strong>{{$title}}</strong>
</span>
<i class="dropdown icon"></i>
</div>
<div class="menu">
<div class="ui icon search input">
<i class="filter icon"></i>
<input name="search" placeholder="{{.i18n.Tr "repo.wiki.filter_page"}}...">
</div>
<div class="scrolling menu">
{{range .Pages}}
<div class="item {{if eq $.Title .Name}}selected{{end}}" data-url="{{$.RepoLink}}/wiki/{{.URL}}">{{.Name | Sanitize}}</div>
{{end}}
</div>
</div>
</div>
</div>
</div>
<div class="ui six wide column">
<div class="ui action small input" id="clone-panel">
{{if not $.DisableHTTP}}
<button class="ui basic clone button" id="repo-clone-https" data-link="{{.WikiCloneLink.HTTPS}}">
{{if UseHTTPS}}HTTPS{{else}}HTTP{{end}}
</button>
{{end}}
{{if not $.DisableSSH}}
<button class="ui basic clone button" id="repo-clone-ssh" data-link="{{.WikiCloneLink.SSH}}">
SSH
</button>
{{end}}
{{if not $.DisableHTTP}}
<input id="repo-clone-url" value="{{$.WikiCloneLink.HTTPS}}" readonly>
{{else}}
<input id="repo-clone-url" value="{{$.WikiCloneLink.SSH}}" readonly>
{{end}}
<button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
<i class="octicon octicon-clippy"></i>
</button>
</div>
</div>
</div>
<div class="ui dividing header">
{{$title}}
{{if and .IsRepositoryWriter (not .Repository.IsMirror)}}
<div class="ui right">
<a class="ui small button" href="{{.RepoLink}}/wiki/{{EscapePound .PageURL}}/_edit">{{.i18n.Tr "repo.wiki.edit_page_button"}}</a>
<a class="ui green small button" href="{{.RepoLink}}/wiki/_new">{{.i18n.Tr "repo.wiki.new_page_button"}}</a>
<a class="ui red small button delete-button" href="" data-url="{{.RepoLink}}/wiki/{{EscapePound .PageURL}}/delete" data-id="{{EscapePound .PageURL}}">{{.i18n.Tr "repo.wiki.delete_page_button"}}</a>
</div>
{{end}}
<div class="ui sub header">
{{$timeSince := TimeSince .Author.When $.Lang}}
{{.i18n.Tr "repo.wiki.last_commit_info" .Author.Name $timeSince | Safe}}
</div>
</div>
{{if .FormatWarning}}
<div class="ui negative message">
<p>{{.FormatWarning}}</p>
</div>
{{end}}
<div class="ui {{if .sidebarPresent}}grid equal width{{end}}" style="margin-top: 1rem;">
<div class="ui {{if .sidebarPresent}}eleven wide column{{end}} segment markdown">
{{.content | Str2html}}
</div>
{{if .sidebarPresent}}
<div class="column" style="padding-top: 0;">
<div class="ui segment">
{{.sidebarContent | Str2html}}
</div>
</div>
{{end}}
</div>
{{if .footerPresent}}
<div class="ui grey segment">
{{.footerContent | Str2html}}
</div>
{{end}}
</div>
</div>
<div class="ui small basic delete modal">
<div class="ui icon header">
<i class="trash icon"></i>
{{.i18n.Tr "repo.wiki.delete_page_button"}}
</div>
<div class="content">
<p>{{.i18n.Tr "repo.wiki.delete_page_notice_1" $title | Safe}}</p>
</div>
{{template "base/delete_modal_actions" .}}
</div>
{{template "base/footer" .}}