[fix] proper escaping of the search query in templates

This commit is contained in:
Adam Tauber 2016-12-04 23:07:46 +01:00
parent 7986d4cf41
commit 28f12ef5a0
4 changed files with 20 additions and 20 deletions


@ -1,6 +1,6 @@
{% extends "courgette/base.html" %} {% extends "courgette/base.html" %}
{% block title %}{{ q }} - {% endblock %} {% block title %}{{ q|e }} - {% endblock %}
{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %} {% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
{% block content %} {% block content %}
<div class="right"><a href="{{ url_for('preferences') }}" id="preferences"><span>{{ _('preferences') }}</span></a></div> <div class="right"><a href="{{ url_for('preferences') }}" id="preferences"><span>{{ _('preferences') }}</span></a></div>
<div class="small search center"> <div class="small search center">
@ -17,7 +17,7 @@
{% for output_type in ('csv', 'json', 'rss') %} {% for output_type in ('csv', 'json', 'rss') %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="left"> <div class="left">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="format" value="{{ output_type }}" /> <input type="hidden" name="format" value="{{ output_type }}" />
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
@ -62,7 +62,7 @@
{% if pageno > 1 %} {% if pageno > 1 %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="left"> <div class="left">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %} {% endfor %}
@ -76,7 +76,7 @@
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %} {% endfor %}
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="pageno" value="{{ pageno+1 }}" /> <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
<input type="submit" value="{{ _('next page') }} >>" /> <input type="submit" value="{{ _('next page') }} >>" />
</div> </div>
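Review bot: The meta-link and form hunks still interpolate `{{ pageno }}`, `category_{{ category }}` and `{{ output_type }}` with no filter, so their safety depends on the values being validated in the view before rendering, which this section does not show; `output_type` comes from the literal tuple on the line above and is fine, but `pageno` should be coerced to an int and `category` checked against the configured category names server-side, or escaped here as `name="category_{{ category|e }}"` in the same way the commit treats `q`. If Flask autoescaping is enabled for these `.html` templates the explicit `|e` is redundant but harmless, because Jinja does not re-escape Markup; if it is disabled, every remaining bare `{{ ... }}` in this template carries the risk the commit fixes for `q`. The same applies to the legacy and oscar sections below (the oscar section also interpolates `time_range`).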


@ -1,6 +1,6 @@
{% extends "legacy/base.html" %} {% extends "legacy/base.html" %}
{% block title %}{{ q }} - {% endblock %} {% block title %}{{ q|e }} - {% endblock %}
{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %} {% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
{% block content %} {% block content %}
<div class="preferences_container right"><a href="{{ url_for('preferences') }}" id="preferences"><span>preferences</span></a></div> <div class="preferences_container right"><a href="{{ url_for('preferences') }}" id="preferences"><span>preferences</span></a></div>
<div class="small search center"> <div class="small search center">
@ -18,7 +18,7 @@
{% for output_type in ('csv', 'json', 'rss') %} {% for output_type in ('csv', 'json', 'rss') %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="left"> <div class="left">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="format" value="{{ output_type }}" /> <input type="hidden" name="format" value="{{ output_type }}" />
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
@ -73,7 +73,7 @@
{% if pageno > 1 %} {% if pageno > 1 %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="{% if rtl %}right{% else %}left{% endif %}"> <div class="{% if rtl %}right{% else %}left{% endif %}">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %} {% endfor %}
@ -87,7 +87,7 @@
{% for category in selected_categories %} {% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/> <input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %} {% endfor %}
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="pageno" value="{{ pageno+1 }}" /> <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
<input type="submit" value="{{ _('next page') }} >>" /> <input type="submit" value="{{ _('next page') }} >>" />
</div> </div>


@ -1,6 +1,6 @@
{% extends "oscar/base.html" %} {% extends "oscar/base.html" %}
{% block title %}{{ q }} - {% endblock %} {% block title %}{{ q|e }} - {% endblock %}
{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}&amp;time_range={{ time_range }}">{% endblock %} {% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}&amp;time_range={{ time_range }}">{% endblock %}
{% block content %} {% block content %}
<div class="row"> <div class="row">
<div class="col-sm-8" id="main_results"> <div class="col-sm-8" id="main_results">
@ -37,9 +37,9 @@
<div id="pagination"> <div id="pagination">
<div class="pull-left"> <div class="pull-left">
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
{% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %} {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="pageno" value="{{ pageno+1 }}" /> <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
<input type="hidden" name="time_range" value="{{ time_range }}" /> <input type="hidden" name="time_range" value="{{ time_range }}" />
<button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-backward"></span> {{ _('next page') }}</button> <button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-backward"></span> {{ _('next page') }}</button>
@ -59,7 +59,7 @@
<div id="pagination"> <div id="pagination">
<div class="pull-left"> <div class="pull-left">
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
{% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %} {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
<input type="hidden" name="pageno" value="{{ pageno-1 }}" /> <input type="hidden" name="pageno" value="{{ pageno-1 }}" />
<input type="hidden" name="time_range" value="{{ time_range }}" /> <input type="hidden" name="time_range" value="{{ time_range }}" />
@ -69,7 +69,7 @@
<div class="pull-right"> <div class="pull-right">
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
{% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %} {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
<input type="hidden" name="q" value="{{ q }}" /> <input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="pageno" value="{{ pageno+1 }}" /> <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
<input type="hidden" name="time_range" value="{{ time_range }}" /> <input type="hidden" name="time_range" value="{{ time_range }}" />
<button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-forward"></span> {{ _('next page') }}</button> <button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-forward"></span> {{ _('next page') }}</button>
@ -130,7 +130,7 @@
<div class="clearfix"></div> <div class="clearfix"></div>
{% for output_type in ('csv', 'json', 'rss') %} {% for output_type in ('csv', 'json', 'rss') %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="form-inline pull-{% if rtl %}right{% else %}left{% endif %} result_download"> <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="form-inline pull-{% if rtl %}right{% else %}left{% endif %} result_download">
<input type="hidden" name="q" value="{{ q }}"> <input type="hidden" name="q" value="{{ q|e }}">
<input type="hidden" name="format" value="{{ output_type }}"> <input type="hidden" name="format" value="{{ output_type }}">
{% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1">{% endfor %} {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1">{% endfor %}
<input type="hidden" name="pageno" value="{{ pageno }}"> <input type="hidden" name="pageno" value="{{ pageno }}">
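Review bot: The pagination form in the `@ -37,9 +37,9` hunk carries two hidden `name="q"` inputs (the lines immediately before and after the category loop), so every submit sends `q` twice; the commit escapes both instead of dropping the duplicate. Which value the server acts on depends on how its request parser resolves repeated parameters, so the form's behaviour rests on an implementation detail; remove the first `<input type="hidden" name="q" value="{{ q|e }}" />` so this form matches the other two pagination forms in the file. The `time_range` hidden inputs and the `&amp;time_range={{ time_range }}` query parameter in the meta link remain unfiltered; if `time_range` is taken from the request without validation it needs the same treatment as `q` (`|urlencode` in the href, `|e` in the attribute, or validation against the allowed values in the view).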


@ -5,7 +5,7 @@
{% endfor %} {% endfor %}
{% else %} {% else %}
{% extends "pix-art/base.html" %} {% extends "pix-art/base.html" %}
{% block title %}{{ q }} - {% endblock %} {% block title %}{{ q|e }} - {% endblock %}
{% block meta %}{% endblock %} {% block meta %}{% endblock %}
{% block content %} {% block content %}
<div id="logo"><a href="./"><img src="{{ url_for('static', filename='img/searx-pixel-small.png') }}" alt="searx Logo"/></a></div> <div id="logo"><a href="./"><img src="{{ url_for('static', filename='img/searx-pixel-small.png') }}" alt="searx Logo"/></a></div>
@ -25,7 +25,7 @@
</span> </span>
<div id="pagination"> <div id="pagination">
<br /> <br />
<input type="button" onclick="load_more('{{ q }}', {{ pageno+1 }})" id="load_more" value="{{ _('Load more...') }}" /> <input type="button" onclick="load_more('{{ q|e }}', {{ pageno+1 }})" id="load_more" value="{{ _('Load more...') }}" />
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
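Review bot: HTML escaping is the wrong encoder for `{{ q|e }}` inside the `onclick` handler in the `@ -25,7 +25,7` hunk: the browser decodes the attribute's character references (including `&#39;`) before the JavaScript is parsed, so a query containing a quote still terminates the string argument to `load_more`, and the injection the commit is meant to close stays open on this line. The robust fix is to keep the query out of inline script altogether, e.g. `<input type="button" id="load_more" data-query="{{ q|e }}" data-pageno="{{ pageno+1 }}" value="{{ _('Load more...') }}" />`, and have the script that defines `load_more` (outside this hunk) attach a click listener that reads `this.dataset.query` and `this.dataset.pageno`; that also lets the page run under a CSP without `unsafe-inline`. If an inline handler must remain, Flask's `tojson` filter is the correct encoder for a JavaScript string literal in an attribute, but only inside a single-quoted attribute value, since its output contains double quotes.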