Commit e800bcf1 authored by Aaron Wells's avatar Aaron Wells Committed by Melissa Draper
Browse files

Remove 'safe' function from template to prevent xss (Bug #1091764)



Change-Id: Ie3527cb51c42aab5d88dca1ac57507577389102a
Signed-off-by: default avatarMelissa Draper <melissa@catalyst.net.nz>
parent ca60db3a
......@@ -10,13 +10,12 @@
</thead>
<tbody>
{foreach from=$data item=n}
{assign var=shortdescription value=$n->description|str_shorten_html:100:true|safe}
<tr class="{cycle values=r0,r1}">
<td class="notetitle">
{if $n->locked}
<h4><a class="notetitle" href="" id="n{$n->id}">{$n->title|str_shorten_text:80:true|safe}</a></h4>
<h4><a class="notetitle" href="" id="n{$n->id}">{$n->title|str_shorten_text:80:true}</a></h4>
{else}
<h4><a class="notetitle" href="{$WWWROOT}artefact/internal/editnote.php?id={$n->id}" id="n{$n->id}">{$n->title|str_shorten_text:80:true|safe}</a></h4>
<h4><a class="notetitle" href="{$WWWROOT}artefact/internal/editnote.php?id={$n->id}" id="n{$n->id}">{$n->title|str_shorten_text:80:true}</a></h4>
{/if}
<div id="n{$n->id}_desc" class="hidden desc">{$n->description|clean_html|safe}</div>
</td>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment