u/pc/rhodecode-enterprise-ce-fork-pc Commit - r1825:fcaa19d4

security: don't use literal in notifications....

ergo -

r1825:fcaa19d4 default

parent child

rhodecode/templates/admin/notifications/show_notification.mako

0 +4 -7

             </%def>
             <%def name="breadcrumbs_links()">
-                ${h.link_to(_('Notifications'),h.url('notifications'))}
+                ${h.link_to(_('Notifications'), h.url('notifications'))}
                 &raquo;
                 ${_('Show notification')}
             </%def>
                 <!-- box / title -->
                 <div class="title">
                     ${self.breadcrumbs()}
-                    ##<ul class="links">
-                    ##    <li>
-                    ##      <span ><a href="#">${_('Compose message')}</a></span>
-                    ##    </li>
-                    ##</ul>
                 </div>
                 <div class="table">
                   <div id="notification_${c.notification.notification_id}" class="main-content-full">
                       </div>
                     </div>
                     <div class="notification-body">
-                    <div class="notification-subject">${h.literal(c.notification.subject)}</div>
+                    <div class="notification-subject">
+                        <h3>${_('Subject')}: ${c.notification.subject}</h3>
+                    </div>
                     %if c.notification.body:
                         ${h.render(c.notification.body, renderer=c.visual.default_renderer, mentions=True)}
                     %endif

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages