Fix a couple of escaping bugs discovered during code review of RSS patch.

diff --git a/template/commitfest_activity.tt2 b/template/commitfest_activity.tt2
index 358f2e935abeddffdd3229513a18401117e4bc93..d6038516c41dced2de297570ec0cebfd99d5bebb 100644 (file)
--- a/template/commitfest_activity.tt2
+++ b/template/commitfest_activity.tt2
@@ -13,10 +13,10 @@
 [% FOREACH a = activity %]
 <tr[% IF loop.last %] class='lastrow'[% END %]>
   <td class='colFirstT'>[% a.last_updated_time %]</td>
-  <td class='colMidT'>[% a.last_updater %]</td>
+  <td class='colMidT'>[% a.last_updater | htmlsafe %]</td>
   <td>[% IF a.patch_id.defined %]<a href='/action/patch_view?id=[% a.patch_id %]'>[% END %][% a.patch_name | htmlsafe %][% IF a.patch_id.defined %]</a>[% END %]</td>
-  <td class='colMidT'>[% a.activity_type | html %]</td>
-  <td class='colLastT'>[% a.details %]</td>
+  <td class='colMidT'>[% a.activity_type | htmlsafe %]</td>
+  <td class='colLastT'>[% a.details | htmlsafe %]</td>
 </tr>
 [% END %]
 </table>

diff --git a/template/header.tt2 b/template/header.tt2
index 2ab304bab4a11cae82f37a13ef30134d5800d573..4fd8018ef690a0ffb045a7230461e3c7443879ae 100644 (file)
--- a/template/header.tt2
+++ b/template/header.tt2
@@ -27,7 +27,7 @@
 <div id="commitfestContent">
        <table cellspacing='0' cellpadding='0' border='0' width='100%'>
                <tr>
-                       <td><h1>[% title %]</h1></td>
+                       <td><h1>[% title | htmlsafe %]</h1></td>
                        [% IF link.size != 0 %]<td style='text-align: right; padding-left: 10px'>[% FOREACH l = link %]<a href='[% l.0 %]'[% IF l.2.defined %] onClick='return confirm("[% l.2 | htmlsafe %]")'[% END %]>[% l.1 | html %]</a>[% IF !loop.last %] - [% END %][% END %]</td>[% END %]
                </tr>
        </table>