##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
security: don't use literal in notifications....
ergo -
r1825:fcaa19d4 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,60 +1,57 b''
1 ## -*- coding: utf-8 -*-
1 ## -*- coding: utf-8 -*-
2 <%inherit file="/base/base.mako"/>
2 <%inherit file="/base/base.mako"/>
3
3
4 <%def name="title()">
4 <%def name="title()">
5 ${_('Show notification')} ${c.rhodecode_user.username}
5 ${_('Show notification')} ${c.rhodecode_user.username}
6 %if c.rhodecode_name:
6 %if c.rhodecode_name:
7 &middot; ${h.branding(c.rhodecode_name)}
7 &middot; ${h.branding(c.rhodecode_name)}
8 %endif
8 %endif
9 </%def>
9 </%def>
10
10
11 <%def name="breadcrumbs_links()">
11 <%def name="breadcrumbs_links()">
12 ${h.link_to(_('Notifications'),h.url('notifications'))}
12 ${h.link_to(_('Notifications'), h.url('notifications'))}
13 &raquo;
13 &raquo;
14 ${_('Show notification')}
14 ${_('Show notification')}
15 </%def>
15 </%def>
16
16
17 <%def name="menu_bar_nav()">
17 <%def name="menu_bar_nav()">
18 ${self.menu_items(active='admin')}
18 ${self.menu_items(active='admin')}
19 </%def>
19 </%def>
20
20
21 <%def name="main()">
21 <%def name="main()">
22 <div class="box">
22 <div class="box">
23 <!-- box / title -->
23 <!-- box / title -->
24 <div class="title">
24 <div class="title">
25 ${self.breadcrumbs()}
25 ${self.breadcrumbs()}
26 ##<ul class="links">
27 ## <li>
28 ## <span ><a href="#">${_('Compose message')}</a></span>
29 ## </li>
30 ##</ul>
31 </div>
26 </div>
32 <div class="table">
27 <div class="table">
33 <div id="notification_${c.notification.notification_id}" class="main-content-full">
28 <div id="notification_${c.notification.notification_id}" class="main-content-full">
34 <div class="notification-header">
29 <div class="notification-header">
35 ${self.gravatar(c.notification.created_by_user.email, 30)}
30 ${self.gravatar(c.notification.created_by_user.email, 30)}
36 <div class="desc">
31 <div class="desc">
37 ${c.notification.description}
32 ${c.notification.description}
38 </div>
33 </div>
39 <div class="delete-notifications">
34 <div class="delete-notifications">
40 <span id="${c.notification.notification_id}" class="delete-notification action"><i class="icon-delete" ></i></span>
35 <span id="${c.notification.notification_id}" class="delete-notification action"><i class="icon-delete" ></i></span>
41 </div>
36 </div>
42 </div>
37 </div>
43 <div class="notification-body">
38 <div class="notification-body">
44 <div class="notification-subject">${h.literal(c.notification.subject)}</div>
39 <div class="notification-subject">
40 <h3>${_('Subject')}: ${c.notification.subject}</h3>
41 </div>
45 %if c.notification.body:
42 %if c.notification.body:
46 ${h.render(c.notification.body, renderer=c.visual.default_renderer, mentions=True)}
43 ${h.render(c.notification.body, renderer=c.visual.default_renderer, mentions=True)}
47 %endif
44 %endif
48 </div>
45 </div>
49 </div>
46 </div>
50 </div>
47 </div>
51 </div>
48 </div>
52 <script type="text/javascript">
49 <script type="text/javascript">
53 var url = "${url('notification', notification_id='__NOTIFICATION_ID__')}";
50 var url = "${url('notification', notification_id='__NOTIFICATION_ID__')}";
54 var main = "${url('notifications')}";
51 var main = "${url('notifications')}";
55 $('.delete-notification').on('click',function(e){
52 $('.delete-notification').on('click',function(e){
56 var notification_id = e.currentTarget.id;
53 var notification_id = e.currentTarget.id;
57 deleteNotification(url,notification_id,[function(){window.location=main}])
54 deleteNotification(url,notification_id,[function(){window.location=main}])
58 })
55 })
59 </script>
56 </script>
60 </%def>
57 </%def>
General Comments 0
You need to be logged in to leave comments. Login now