Change comment:
Imported from XAR
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
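--- a/Content
+++ b/Content
@@ -14,15 +14,17 @@
 ##
 #set($do = "$!{request.get('do')}")
 #set($tag = "$!{request.get('tag')}")
+#set($urlEscapedTag = $escapetool.url($tag))
+#set($htmlEscapedTag = $escapetool.html($tag))
 ##
 ## Macro displayTagAppTitle. Display level1 title of this app.
 ##
-#macro(displayTagAppTitle $tag $displayButtons)
+#macro(displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons)
 <h1 class="xapp">
 <span class="highlight tag">
- <a href="$doc.getURL('view', "do=viewTag&tag=${ tag}")">$tag</a>
+ <a href="$doc.getURL('view', "do=viewTag&tag=${urlEscapedTag}")">$htmlEscapedTag</a>
 #if($xwiki.hasAdminRights() && $displayButtons)
- <a href="$doc.getURL('view', "do=prepareRename&tag=${ tag}")" class="button rename" rel="nofollow">Rename</a> <a href="$doc.getURL('view', "do=prepareDelete&tag=${tag}")" class="button delete" rel="nofollow">Delete</a>
+ <a href="$doc.getURL('view', "do=prepareRename&tag=${urlEscapedTag}")" class="button rename" rel="nofollow">Rename</a> <a href="$doc.getURL('view', "do=prepareDelete&tag=${urlEscapedTag}")" class="button delete" rel="nofollow">Delete</a>
 #end
 </span>
 </h1>
@@ -36,21 +36,22 @@
 ##
 ## View tag
 ##
- #displayTagAppTitle($tag true)
+ #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true)
 #if("$!{request.get('renamedTag')}" != '')
- #info($msg.get('xe.tag.rename.success', [$request.get('renamedTag')]))
+ #set($htmlEscapedRenamedTag = $escapetool.html($request.get('renamedTag')))
+ #info($msg.get('xe.tag.rename.success', [$htmlEscapedRenamedTag]))
 #end
- #set
+ #set($list = $xwiki.tag.getDocumentsWithTag($tag))
 <div>
 <div id="dashboardleft">
 <div id="dashboardleftcontent">
- <h3 class="xapp"><span>$msg.get('xe.tag.alldocs', [$tag])</span></h3>
+ <h3 class="xapp"><span>$msg.get('xe.tag.alldocs', [$htmlEscapedTag])</span></h3>
 #displayDocumentList($list true $blacklistedSpaces)
 </div>
 </div>
 <div id="dashboardright">
 <div id="dashboardrightcontent">
- <h3 class="xapp"><span>$msg.get("xe.tag.recentchanges", [$tag])</span></h3>
+ <h3 class="xapp"><span>$msg.get("xe.tag.recentchanges", [$htmlEscapedTag])</span></h3>
 #set($rcTag = [$tag])
 #includeInContext('Main.RecentChanges')
 </div>
@@ -61,12 +61,12 @@
 ##
 ## Prepare rename tag
 ##
- #displayTagAppTitle($tag false)
+ #displayTagAppTitle($urlEscapedTag $htmlEscapedTag false)
 <form id="renameForm" action="$doc.getURL()" method="post">
 <div>
 <input name="do" type="hidden" value="renameTag" />
- <input name="tag" type="hidden" value="$tag" />
- $msg.get('xe.tag.rename.renameto', [$tag]) <input type="text" name="renameTo" /> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.rename')"/></span>
+ <input name="tag" type="hidden" value="$htmlEscapedTag" />
+ $msg.get('xe.tag.rename.renameto', [$htmlEscapedTag]) <input type="text" name="renameTo" /> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.rename')" class="button"/></span>
 </div>
 </form>
 #elseif($do == 'renameTag')
@@ -79,22 +79,22 @@
 #set($success = $xwiki.tag.renameTag($tag, $renameTo))
 #end
 #if ($success == true || $success == 'OK')
- #set($encodedRenameTo = $util.encodeURI($renameTo))
- #set($encodedTag = $util.encodeURI($tag))
- $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${encodedRenameTo}&renamedTag=${encodedTag}"))
+ #set($urlEscapedRenameTo = $escapetool.url($renameTo))
+ $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
 #else
- #error($msg.get('xe.tag.rename.failure', [$tag, $renameTo]))
+ #set($htmlEscapedRenameTo = $escapetool.html($renameTo))
+ #error($msg.get('xe.tag.rename.failure', [$htmlEscapedTag, $htmlEscapedRenameTo]))
 #end
 #elseif($do == 'prepareDelete')
 ##
 ## Prepare delete tag
 ##
- #displayTagAppTitle($tag false)
+ #displayTagAppTitle($urlEscapedTag $htmlEscapedTag false)
 <form id="deleteForm" action="$doc.getURL()" method="post">
 <div>
 <input name="do" type="hidden" value="deleteTag" />
- <input name="tag" type="hidden" value="$tag" />
- <span class="buttonwrapper"><input type="submit" value="$msg.get( "xe.tag.delete", [$tag])" /></span>
+ <input name="tag" type="hidden" value="$htmlEscapedTag" />
+ <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.delete', [$htmlEscapedTag])" class="button/></span>
 </div>
 </form>
 #elseif($do == 'deleteTag')
@@ -103,10 +103,9 @@
 ##
 #set($success = $xwiki.tag.deleteTag($tag))
 #if ($success == true || $success == 'OK')
- #set($encodedTag = $util.encodeURI($tag))
- $response.sendRedirect($doc.getURL('view', "deletedTag=${encodedTag}"))
+ $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
 #else
- #error($msg.get('xe.tag.delete.failure', [$tag]))
+ #error($msg.get('xe.tag.delete.failure', [$htmlEscapedTag]))
 #end
 #else
 ##
@@ -113,9 +113,10 @@
 ## View all tags (Tag Cloud)
 ##
 #set($tags = $xwiki.tag.getTags(true))
- #set
+ #set($title = 'All Tags')
 #if("$!{request.get('deletedTag')}" != '')
- #info($msg.get('xe.tag.delete.success', [$request.get('deletedTag')]))
+ #set($htmlEscapedTag = $escapetool.html($request.get('deletedTag')))
+ #info($msg.get('xe.tag.delete.success', [$htmlEscapedTag]))
 #end
 #set($docextras = [])
 #includeInContext("XWiki.TagCloud")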
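Review bot: In the prepareDelete form the new submit button ends with `class="button/></span>`, so the class attribute is never closed and the markup after it is parsed as attribute text until the next double quote; it should read `class="button"/></span>`, as the rename form's button does. Separately, both forms post `do=renameTag` / `do=deleteTag` with only the `do`, `tag` and `renameTo` fields and no anti-CSRF token, and the `$xwiki.tag.renameTag(...)` / `$xwiki.tag.deleteTag($tag)` calls shown are not preceded by a token or rights check within these hunks. Those branches begin outside the visible lines, so a check may exist above them, but `$xwiki.hasAdminRights()` in the title macro only hides the buttons and does not protect the actions. Since this change hardens the page against injected tag values, it would be worth adding a per-session token field to both forms and verifying it, together with admin rights, before the tag API is called.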