html-escape labels for additional updates always; add missed template with escaped fields

2026-03-09 10:10:26 -05:00 · 2015-06-16 17:03:41 -07:00
parent a6b4b5be84
commit 1a3d82291e
2 changed files with 8 additions and 7 deletions
--- a/Center/mschtml.py
+++ b/Center/mschtml.py
@@ -557,6 +557,7 @@ def build_updates_page():
    if other_updates:
        page['hide_other_updates'] = u''
        for item in other_updates:
+            escapeAndQuoteCommonFields(item)
            page['other_update_rows'] += item_template.safe_substitute(item)
    
    footer = get_template('footer_template.html', raw=True)
--- a/Center/templates/list_item_template.html
+++ b/Center/templates/list_item_template.html
@@ -1,22 +1,22 @@
 <div class="lockup small detailed option">
    <a href="${detail_link}" class="artwork-link">
        <div class="artwork">
-            <img width="75" height="75" alt="${display_name}" class="artwork" src="${icon}" />
+            <img width="75" height="75" alt="${display_name_escaped}" class="artwork" src="${icon}" />
        </div>
    </a>
    <ul class="list">
-        <li class="name" title="${display_name}"><a href="${detail_link}">${display_name}</a></li>
-        <li class="genre">${category_and_developer}</li>
-        <li class="${status}" id="${name}_status_text">
-            <span id="${name}_status_text_span">${status_text}</span>
+        <li class="name" title="${display_name_escaped}"><a href="${detail_link}">${display_name_escaped}</a></li>
+        <li class="genre">${category_and_developer_escaped}</li>
+        <li class="${status}" id="${name_escaped}_status_text">
+            <span id="${name_escaped}_status_text_span">${status_text}</span>
            <a class="follow" href="updates.html"></a>
            <span class="progress-spinner"></span>
        </li>
        <li>
            <div class="msc-button small">
                <button class="button-area uppercase"
-                        onClick="window.AppController.actionButtonClicked_('${name}');">
-                    <div class="msc-button-inner ${status}" id="${name}_action_button_text">
+                        onClick="window.AppController.actionButtonClicked_('${name_quoted}');">
+                    <div class="msc-button-inner ${status}" id="${name_escaped}_action_button_text">
                        ${short_action_text}
                    </div>
                </button>