kass/matteo-the-prestige
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #134 from esSteres/indev

Browse Source 
(URGENT) Fix js injection vulnerability
This commit is contained in:
Sakimori 2021-01-06 14:36:01 -05:00 committed by GitHub
commit af657d3be2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
templates/game_box.html
View File

@ -5,18 +5,18 @@ src={% if state.bases[number] %}"/static/img/base_filled.png" alt="{{state.bases
{% if number <= state.outs %}/static/img/out_out.png{% else %}/static/img/out_in.png{% endif %} {% if number <= state.outs %}/static/img/out_out.png{% else %}/static/img/out_in.png{% endif %}
{%- endmacro %} {%- endmacro %}
<div class="header"> <div class="header">
<div class="inning">Inning: {% if state.display_top_of_inning == true %}🔼{% else %}🔽{% endif %} {{ state.display_inning }}/{{ state.max_innings }}</div> <div class="inning">Inning: {% if state.display_top_of_inning == true %}🔼{% else %}🔽{% endif %} {{ state.display_inning | escape }}/{{ state.max_innings | escape }}</div>
<div class="title">{{ state.title }}</div> <div class="title">{{ state.title | escape }}</div>
<div class="weather">{{ state.weather_emoji }} {{ state.weather_text }}</div> <div class="weather">{{ state.weather_emoji | escape }} {{ state.weather_text | escape }}</div>
</div> </div>
<div class="body"> <div class="body">
<div class="teams"> <div class="teams">
<div class="team"> <div class="team">
<div class="team_name">{{ state.away_name }}</div> <div class="team_name">{{ state.away_name | escape }}</div>
<div class="score">{{ state.away_score }}</div> <div class="score">{{ state.away_score }}</div>
</div> </div>
<div class="team"> <div class="team">
<div class="team_name">{{ state.home_name }}</div> <div class="team_name">{{ state.home_name | escape }}</div>
<div class="score">{{ state.home_score }}</div> <div class="score">{{ state.home_score }}</div>
</div> </div>
</div> </div>
@ -38,16 +38,16 @@ src={% if state.bases[number] %}"/static/img/base_filled.png" alt="{{state.bases
</div> </div>
<div class="players"> <div class="players">
<div class="player_type">PITCHER</div> <div class="player_type">PITCHER</div>
<div class="player_name pitcher_name">{{ state.pitcher }}</div> <div class="player_name pitcher_name">{{ state.pitcher | escape }}</div>
<div class="player_type">BATTER</div> <div class="player_type">BATTER</div>
<div class="player_name batter_name">{{ state.batter }}</div> <div class="player_name batter_name">{{ state.batter | escape }}</div>
</div> </div>
<div class="update"> <div class="update">
<div class="update_emoji">{{ state.update_emoji }}</div> <div class="update_emoji">{{ state.update_emoji | escape }}</div>
<div class="update_text">{{ state.update_text }}</div> <div class="update_text">{{ state.update_text | escape }}</div>
</div> </div>
</div> </div>
<div class="footer"> <div class="footer">
<div class="batting">{% if state.display_top_of_inning == true %}{{ state.away_name }}{% else %}{{ state.home_name }}{% endif %} batting.</div> <div class="batting">{% if state.display_top_of_inning == true %}{{ state.away_name | escape }}{% else %}{{ state.home_name | escape }}{% endif %} batting.</div>
<div class="leagueoruser">{{ state.leagueoruser }} (<a href="/game?timestamp={{ timestamp }}">share</a>)</div> <div class="leagueoruser">{{ state.leagueoruser | escape }} (<a href="/game?timestamp={{ timestamp }}">share</a>)</div>
</div> </div>