templates: fix javascript escaping

2022-01-27 21:51:50 +01:00
parent f90f71c529
commit b707cbe449
27 changed files with 105 additions and 102 deletions
--- a/website/agenda/templates/calendar.html
+++ b/website/agenda/templates/calendar.html
@@ -36,7 +36,7 @@
 <tr>
 <TMPL_COMMENT><th>Wo</th>
 </TMPL_COMMENT>
-<TMPL_LOOP weekdays><th><a href="<TMPL_VAR .local_base_url>/<TMPL_VAR .controllers.events>/<TMPL_VAR start_date>/<TMPL_VAR end_date>/<TMPL_VAR weekday>/" onclick="calcms.selectWeekdayEventListener('<TMPL_VAR start_date>','<TMPL_VAR end_date>','<TMPL_VAR weekday>');return false;"><TMPL_VAR "weekday_short_name"></a></th></TMPL_LOOP>
+<TMPL_LOOP weekdays><th><a href="<TMPL_VAR .local_base_url>/<TMPL_VAR .controllers.events>/<TMPL_VAR start_date>/<TMPL_VAR end_date>/<TMPL_VAR weekday>/" onclick="calcms.selectWeekdayEventListener('<TMPL_VAR start_date escape=js>','<TMPL_VAR end_date escape=js>','<TMPL_VAR weekday escape=js>');return false;"><TMPL_VAR "weekday_short_name"></a></th></TMPL_LOOP>
 </tr>

 </thead>
@@ -45,7 +45,7 @@
 <TMPL_LOOP week_and_days>
 <tr>
 <TMPL_COMMENT>
-<TMPL_LOOP week><th class="<TMPL_VAR class>"><a href="<TMPL_VAR .local_base_url>/<TMPL_VAR .controllers.events>/<TMPL_VAR from_date>/<TMPL_VAR till_date>/" title="Woche anzeigen" onclick="calcms.selectDateRangeEventListener('<TMPL_VAR from_date>','<TMPL_VAR till_date>');return false;" ><TMPL_VAR week_of_year></a></th></TMPL_LOOP>
+<TMPL_LOOP week><th class="<TMPL_VAR class>"><a href="<TMPL_VAR .local_base_url>/<TMPL_VAR .controllers.events>/<TMPL_VAR from_date>/<TMPL_VAR till_date>/" title="Woche anzeigen" onclick="calcms.selectDateRangeEventListener('<TMPL_VAR from_date escape=js>','<TMPL_VAR till_date escape=js>');return false;" ><TMPL_VAR week_of_year></a></th></TMPL_LOOP>
 </TMPL_COMMENT>
 <TMPL_LOOP days><td class="<TMPL_VAR class>"><a href="<TMPL_VAR .cache_base_url>/<TMPL_VAR .controllers.events>/<TMPL_VAR date>.html" title="<TMPL_VAR day>.<TMPL_VAR month>. zeigen"><TMPL_VAR day></a></td>
 </TMPL_LOOP></tr></TMPL_LOOP>
--- a/website/agenda/templates/categories.html
+++ b/website/agenda/templates/categories.html
@@ -19,7 +19,7 @@
 	<TMPL_UNLESS isEmpty>
 	<select id="calcms_category_<TMPL_VAR js_name escape=none>" name="category_<TMPL_VAR js_name escape=none>" 
 		title="Kategorien durchsuchen" 
-		onchange="calcms.selectCategory('<TMPL_VAR name>', jQuery(this).val())" 
+		onchange="calcms.selectCategory('<TMPL_VAR name escape=js>', jQuery(this).val())" 
 		style="display:none;"
 	>
 		<option value="">- Kategorie -</option>
--- a/website/agenda/templates/comments.html
+++ b/website/agenda/templates/comments.html
@@ -12,7 +12,7 @@
 	<a name="comments" />
 	<TMPL_IF allow.new_comments>
 		<a href="#comments" 
-		   onclick="calcms.showCommentForm('calcms_add_comment','','<TMPL_VAR event_id>','<TMPL_VAR event_start>');return false;"
+		   onclick="calcms.showCommentForm('calcms_add_comment','','<TMPL_VAR event_id escape=js>','<TMPL_VAR event_start escape=js>');return false;"
 		>Neuen Kommentar schreiben</a>
 	<div>
 		<div id="calcms_add_comment" style="display:none;visibility:hidden;" >&nbsp;</div>
@@ -40,7 +40,7 @@
 				<TMPL_IF allow.new_comments>
 					<span >
 						<a href="#calcms_add_comment_<TMPL_VAR id>_anchor"
-						   onclick="calcms.showCommentForm('calcms_add_comment_<TMPL_VAR id>','<TMPL_VAR id>','<TMPL_VAR event_id>','<TMPL_VAR event_start>');return false;"
+						   onclick="calcms.showCommentForm('calcms_add_comment_<TMPL_VAR id escape=js>','<TMPL_VAR id escape=js>','<TMPL_VAR event_id escape=js>','<TMPL_VAR event_start escape=js>');return false;"
 						>antworten</a>
 					</span>
 					<div id="calcms_add_comment_<TMPL_VAR id>">&nbsp;</div>
--- a/website/agenda/templates/event_details.html
+++ b/website/agenda/templates/event_details.html
@@ -80,7 +80,7 @@
 		<script>
 			jQuery(document).ready(
 				function() {
-					calcms.showCommentsByEventIdOrEventStart('<TMPL_VAR event_id>','<TMPL_VAR start_datetime>');
+					calcms.showCommentsByEventIdOrEventStart('<TMPL_VAR event_id escape=js>','<TMPL_VAR start_datetime escape=js>');
 				}
 			);
 		</script>
--- a/website/agenda/templates/event_playlist.html
+++ b/website/agenda/templates/event_playlist.html
@@ -9,18 +9,31 @@
 </head>

 <body>
+<style>
+
+div.event div.title{
+    display:grid;
+    grid-template-columns: 3ch 5ch 1ch 1fr; 
+}
+div.event div.title div{
+    display:inline;
+}
+</style>
+
 <TMPL_LOOP NAME=events>
 <a href="<TMPL_VAR cache_base_url>/<TMPL_VAR .controllers.event>/<TMPL_VAR event_id>.html#<TMPL_VAR event_uri escape=url>" 
 > 
-    <div id="event_playlist_<TMPL_VAR event_id>" class="event"  title="<TMPL_VAR full_title><TMPL_IF excerpt>. <TMPL_VAR excerpt></TMPL_IF>">
+    <div id="event_playlist_<TMPL_VAR event_id>" class="event"  title="<TMPL_VAR full_title><TMPL_IF excerpt>. <TMPL_VAR excerpt escape=url></TMPL_IF>">
 		<TMPL_COMMENT>
        <div class="icon">
            <img src="<TMPL_VAR icon>"></img>
        </div>
 		</TMPL_COMMENT>
        <div class="title">
-            <TMPL_VAR weekday_short_name> <TMPL_VAR start_time_name> - 
-            <TMPL_IF series_name><TMPL_VAR series_name><TMPL_ELSE><TMPL_VAR title></TMPL_IF>
+            <div><TMPL_VAR weekday_short_name></div>
+            <div><TMPL_VAR start_time_name></div>
+            <div>-</div>
+            <div><TMPL_IF series_name><TMPL_VAR series_name><TMPL_ELSE><TMPL_VAR title></TMPL_IF></div>
        </div>
    </div>
 </a>
--- a/website/agenda/templates/series_names.html
+++ b/website/agenda/templates/series_names.html
@@ -14,7 +14,7 @@
    id="calcms_series_name_<TMPL_VAR js_name escape=none>" 
    name="series_name_<TMPL_VAR js_name escape=none>" 
    title="Sendereihen durchsuchen" 
-    onchange="calcms.selectSeries('<TMPL_VAR name>', jQuery(this).val())" 
+    onchange="calcms.selectSeries('<TMPL_VAR name escape=js>', jQuery(this).val())" 
    style="display:none;"
 >