authorJordan <me@jordan.im>2019-09-02 17:49:33 -0700
committerJordan <me@jordan.im>2019-09-02 17:49:33 -0700
commit0983cf45cd0494a80f7c9d16e75a240289165e56 (patch)
treeb66c971154f2acefb812692fd7a8165cc8e0b16d
parentd99797752b531fe9a36062ff49e59a10badebca1 (diff)
downloadallium-0983cf45cd0494a80f7c9d16e75a240289165e56.tar.gz
allium-0983cf45cd0494a80f7c9d16e75a240289165e56.zip
ensure HTML safety of onionoo-provided strings
-rw-r--r--tor-metrics/templates/as.html6
-rw-r--r--tor-metrics/templates/country.html10
-rw-r--r--tor-metrics/templates/effective_family.html6
-rw-r--r--tor-metrics/templates/platform.html6
-rw-r--r--tor-metrics/templates/relay-info.html42
-rw-r--r--tor-metrics/templates/relay-list.html24
6 files changed, 47 insertions, 47 deletions
diff --git a/tor-metrics/templates/as.html b/tor-metrics/templates/as.html
index 6021dfa..8b7c93d 100644
--- a/tor-metrics/templates/as.html
+++ b/tor-metrics/templates/as.html
@@ -1,4 +1,4 @@
{% extends "relay-list.html" %}
-{% block title %}Tor Relays :: {{ relays[0]['as'] }}{% endblock %}
-{% block header %}<a href="../../">Home</a> :: {{ relays[0]['as'] }}{% endblock %}
-{% block description %}{{ relays[0]['as'] }} ({{ relays[0]['as_name']}}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['as']|escape }}{% endblock %}
+{% block header %}<a href="../../">Home</a> :: {{ relays[0]['as']|escape }}{% endblock %}
+{% block description %}{{ relays[0]['as']|escape }} ({{ relays[0]['as_name']|escape }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
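Review bot: Escaping by hand at every `{{ … }}` protects only the expressions someone remembered to touch. The need for `|escape` here, and in the same three-line change to effective_family.html and platform.html, suggests the Jinja2 Environment is built without autoescaping, though that code is not part of this diff. If so, passing `autoescape=True` (or `select_autoescape(['html'])`) where the Environment is created would cover these templates and any expression added later. The explicit filters can stay, because `|escape` returns markup-safe text that is not escaped a second time.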
diff --git a/tor-metrics/templates/country.html b/tor-metrics/templates/country.html
index 43db3c3..8dcb40d 100644
--- a/tor-metrics/templates/country.html
+++ b/tor-metrics/templates/country.html
@@ -1,9 +1,9 @@
{% extends "relay-list.html" %}
{% if relays[0]['country_name'] in special_countries %}
- {% set country_name = 'The ' + relays[0]['country_name'] %}
+ {% set country_name = 'The ' + relays[0]['country_name']|escape %}
{% else %}
- {% set country_name = relays[0]['country_name'] %}
+ {% set country_name = relays[0]['country_name']|escape %}
{% endif %}
-{% block title %}Tor Relays :: {{ relays[0]['country_name'] }}{% endblock %}
-{% block header %}<a href="../../">Home</a> :: {{ relays[0]['country_name'] }}{% endblock %}
-{% block description %}{{ country_name }} ({{ relays[0]['country'] }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['country_name']|escape }}{% endblock %}
+{% block header %}<a href="../../">Home</a> :: {{ relays[0]['country_name']|escape }}{% endblock %}
+{% block description %}{{ country_name }} ({{ relays[0]['country']|escape }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
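Review bot: `{{ country_name }}` in the description block is printed with no filter and is safe only because both `set` branches above now escape the value; a later edit to either branch would silently bring back raw output. A comment beside the `set` lines would make that dependency visible, for example `{# country_name is HTML-escaped here; the description block prints it as-is #}`. In `'The ' + relays[0]['country_name']|escape` the filter binds to the subscript before the `+`, which gives the intended result but reads ambiguously; writing `'The ' + (relays[0]['country_name']|escape)` would make the order explicit.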
diff --git a/tor-metrics/templates/effective_family.html b/tor-metrics/templates/effective_family.html
index ce85133..7bd2c47 100644
--- a/tor-metrics/templates/effective_family.html
+++ b/tor-metrics/templates/effective_family.html
@@ -1,4 +1,4 @@
{% extends "relay-list.html" %}
-{% block title %}Tor Relays :: Family {{ family }}{% endblock %}
-{% block header %}<a href="../../">Home</a> :: Family {{ family }}{% endblock %}
-{% block description %}Relays with effective family member {{ family }} are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: Family {{ family|escape }}{% endblock %}
+{% block header %}<a href="../../">Home</a> :: Family {{ family|escape }}{% endblock %}
+{% block description %}Relays with effective family member {{ family|escape }} are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/platform.html b/tor-metrics/templates/platform.html
index 84aace2..8743b76 100644
--- a/tor-metrics/templates/platform.html
+++ b/tor-metrics/templates/platform.html
@@ -1,4 +1,4 @@
{% extends "relay-list.html" %}
-{% block title %}Tor Relays :: {{ relays[0]['platform'] }}{% endblock %}
-{% block header %}<a href="../../">Home</a> :: {{ relays[0]['platform'] }}{% endblock %}
-{% block description %}{{ relays[0]['platform'] }} systems are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['platform']|escape }}{% endblock %}
+{% block header %}<a href="../../">Home</a> :: {{ relays[0]['platform']|escape }}{% endblock %}
+{% block description %}{{ relays[0]['platform']|escape }} systems are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/relay-info.html b/tor-metrics/templates/relay-info.html
index be01cea..78af670 100644
--- a/tor-metrics/templates/relay-info.html
+++ b/tor-metrics/templates/relay-info.html
@@ -7,7 +7,7 @@
<div class="col-md-6">
<dl>
<dt>Nickname</dt>
- <dd>{{ relay['nickname'] }}</dd>
+ <dd>{{ relay['nickname']|escape }}</dd>
<dt>OR Address</dt>
<dd><pre class="pre-scrollable">{% for address in relay['or_addresses'] -%}
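Review bot: The `{% for address in relay['or_addresses'] -%}` loop on the last context line is left as it was: its body lies between this hunk and the next one, so the commit does not touch it. relay-list.html escapes `relay['or_addresses'][0]` in this same commit, so if the loop body prints `{{ address }}` it should get the same treatment, `{{ address|escape }}`. The loop body is outside the hunk, so this needs checking against the full template.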
@@ -24,14 +24,14 @@
<dt>Dir Address</dt>
{% if relay['dir_address'] %}
- <dd>{{ relay['dir_address'] }}</dd>
+ <dd>{{ relay['dir_address']|escape }}</dd>
{% else %}
<dd>none</dd>
{% endif %}
<dt>Exit Address</dt>
{% if relay['exit_address'] %}
- <dd>{{ relay['exit_address'] }}</dd>
+ <dd>{{ relay['exit_address']|escape }}</dd>
{% else %}
<dd>none</dd>
{% endif %}
@@ -48,7 +48,7 @@
{% if relay['exit_policy_summary'] -%}
{%- set v4_summary = relay['exit_policy_summary'].items() -%}
<pre class="pre-scrollable">{% for key, value in v4_summary -%}
- {{ key }}: {{ value[0] }}
+ {{ key|escape }}: {{ value[0]|escape }}
{% endfor -%}
</pre>
{% else -%}
@@ -61,7 +61,7 @@
{% if relay['exit_policy_v6_summary'] -%}
{%- set v6_summary = relay['exit_policy_v6_summary'].items() -%}
<pre class="pre-scrollable">{% for key, value in v6_summary -%}
- {{ key }}: {{ value[0] }}
+ {{ key|escape }}: {{ value[0]|escape }}
{% endfor -%}
</pre>
{% else -%}
@@ -71,20 +71,20 @@
<dt>Exit Policy</dt>
<dd><pre class="pre-scrollable">{% for policy in relay['exit_policy'] -%}
- {{ policy }}
+ {{ policy|escape }}
{% endfor -%}
</pre></dd>
{% if relay['effective_family']|length > 1 -%}
- <dt>Effective Family Members (<a href="{{ path_prefix }}family/{{ relay['fingerprint'] }}">view</a>)</dt>
+ <dt>Effective Family Members (<a href="{{ path_prefix }}family/{{ relay['fingerprint']|escape }}">view</a>)</dt>
{% else %}
<dt>Effective Family Members</dt>
{% endif %}
<dd><pre class="pre-scrollable">{% for e_relay in relay['effective_family'] -%}
{% if relay['effective_family']|length > 1 -%}
- <a href="{{ e_relay }}.html">{{ e_relay }}</a>
+ <a href="{{ e_relay|escape }}.html">{{ e_relay|escape }}</a>
{% else -%}
- {{ e_relay }}
+ {{ e_relay|escape }}
{% endif -%}
{% endfor -%}
</pre></dd>
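Review bot: The values placed inside `href` here (`relay['fingerprint']`, `e_relay`) are HTML-escaped but not percent-encoded. That stops a value from breaking out of the attribute, but characters such as `?`, `#`, `%` or a space would still change what the link resolves to. For URL path segments the usual form is to encode first and escape last, e.g. `<a href="{{ e_relay|urlencode|escape }}.html">{{ e_relay|escape }}</a>`, provided the encoded name still matches the file the generator writes. The same applies to the `a_relay`, `country`, `as` and `flag.lower()` paths in the later relay-info.html hunks and to the `href`/`src` values in relay-list.html. These fields are presumably fingerprints and short codes, so the practical exposure depends on what the upstream source can emit.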
@@ -94,9 +94,9 @@
{% if relay['alleged_family'] %}
<pre class="pre-scrollable">{% for a_relay in relay['alleged_family'] -%}
{% if relay['alleged_family']|length > 1 -%}
- <a href="{{ a_relay }}.html">{{ a_relay }}</a>
+ <a href="{{ a_relay|escape }}.html">{{ a_relay|escape }}</a>
{% else -%}
- {{ a_relay }}
+ {{ a_relay|escape }}
{% endif -%}
{% endfor %}
{% else -%}
@@ -108,13 +108,13 @@
<div class="col-md-6">
<dl>
<dt>Fingerprint</dt>
- <dd><pre>{{ relay['fingerprint'] }}</pre></dd>
+ <dd><pre>{{ relay['fingerprint']|escape }}</pre></dd>
<dt>Flags</dt>
<dd>
{% for flag in relay['flags'] %}
{% if flag != 'StaleDesc' %}
- <img src="{{ path_prefix}}static/images/flags/{{ flag.lower() }}.png" title="{{ flag }}" alt="{{ flag }}"> {{ flag }}
+ <img src="{{ path_prefix}}static/images/flags/{{ flag.lower()|escape }}.png" title="{{ flag|escape }}" alt="{{ flag|escape }}"> {{ flag|escape }}
{% endif %}
{% endfor %}
</dd>
@@ -122,7 +122,7 @@
<dt>Host Name</dt>
<dd>
{% if relay['verified_host_names'] -%}
- <pre>{{ relay['verified_host_names'][0] }}</pre>
+ <pre>{{ relay['verified_host_names'][0]|escape }}</pre>
{% else -%}
<pre>none</pre>
{% endif -%}
@@ -130,7 +130,7 @@
<dt>Country</dt>
<dd>
{% if relay['country'] -%}
- <a href="{{ path_prefix }}country/{{ relay['country'] }}/"><img src="{{ path_prefix }}static/images/cc/{{ relay['country'] }}.png" title="{{ relay['country_name'] }}" alt="{{ relay['country_name'] }}"></a> {{ relay['country_name'] }}
+ <a href="{{ path_prefix }}country/{{ relay['country']|escape }}/"><img src="{{ path_prefix }}static/images/cc/{{ relay['country']|escape }}.png" title="{{ relay['country_name']|escape }}" alt="{{ relay['country_name']|escape }}"></a> {{ relay['country_name']|escape }}
{% else -%}
unknown
{% endif %}
@@ -139,7 +139,7 @@
<dt>AS Number</dt>
<dd>
{% if relay['as'] %}
- <a href='{{ path_prefix }}as/{{ relay['as'] }}'>{{ relay['as'] }}</a>
+ <a href='{{ path_prefix }}as/{{ relay['as']|escape }}'>{{ relay['as']|escape }}</a>
{% else %}
unknown
{% endif %}
@@ -147,22 +147,22 @@
<dt>AS Name</dt>
<dd>
{% if relay['as_name'] -%}
- {{ relay['as_name'] }} (<a href='https://bgp.he.net/{{ relay['as'] }}'>BGP</a>)
+ {{ relay['as_name']|escape }} (<a href='https://bgp.he.net/{{ relay['as']|escape }}'>bgp</a>)
{% else -%}
unknown
{% endif -%}
<dt>First Seen</dt>
- <dd>{{ relay['first_seen'] }}</dd>
+ <dd>{{ relay['first_seen']|escape }}</dd>
<dt>Last Restarted</dt>
- <dd>{{ relay['last_restarted'] }}</dd>
+ <dd>{{ relay['last_restarted']|escape }}</dd>
<dt>Consensus Weight</dt>
- <dd>{{ relay['consensus_weight_fraction'] }} ({{ relay['consensus_weight'] }})</dd>
+ <dd>{{ relay['consensus_weight_fraction']|escape }} ({{ relay['consensus_weight']|escape }})</dd>
<dt>Platform</dt>
- <dd>{{ relay['platform'] }}</dd>
+ <dd>{{ relay['platform']|escape }}</dd>
</dl>
</div>
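Review bot: The AS Name line also changes the link text from `BGP` to `bgp`, which is unrelated to escaping and is not mentioned in the commit message. Either keep `BGP` here or move the wording change to its own commit so this one stays a pure output-encoding change. The enclosing `<dl>` starts outside the hunk.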
diff --git a/tor-metrics/templates/relay-list.html b/tor-metrics/templates/relay-list.html
index ec81115..342bb86 100644
--- a/tor-metrics/templates/relay-list.html
+++ b/tor-metrics/templates/relay-list.html
@@ -27,45 +27,45 @@
{% set obs_bandwidth = '%s %s'|format((relay['observed_bandwidth'] / 1000)|round(2, 'common'), 'KB/s') %}{% endif %}
{% if deactivate != 'family' and relay['effective_family']|length > 1 %}
- <td><a href="{{ path_prefix }}relay/{{ relay['fingerprint'] }}.html">{{ relay['nickname'] }}</a> (<a href="{{ path_prefix }}family/{{ relay['effective_family'][0] }}/">{{ relay['effective_family']|length }}</a>)</td>
+ <td><a href="{{ path_prefix }}relay/{{ relay['fingerprint']|escape }}.html">{{ relay['nickname']|escape }}</a> (<a href="{{ path_prefix }}family/{{ relay['effective_family'][0]|escape }}/">{{ relay['effective_family']|length }}</a>)</td>
{% else %}
- <td><a href="{{ path_prefix}}relay/{{ relay['fingerprint'] }}.html">{{ relay['nickname'] }}</a></td>{% endif %}
+ <td><a href="{{ path_prefix}}relay/{{ relay['fingerprint']|escape }}.html">{{ relay['nickname']|escape }}</a></td>{% endif %}
<td>{{ obs_bandwidth }}</td>
- <td class="visible-md visible-lg">{{ relay['or_addresses'][0].split(':', 1)[0] }}</td>
+ <td class="visible-md visible-lg">{{ relay['or_addresses'][0].split(':', 1)[0]|escape }}</td>
{% if relay['as'] %}{% if deactivate != 'as' %}
- <td><a href="{{ path_prefix }}as/{{ relay['as'] }}/">{{ relay['as'] }}</a></td>
+ <td><a href="{{ path_prefix }}as/{{ relay['as']|escape }}/">{{ relay['as']|escape }}</a></td>
{% else %}
- <td>{{ relay['as'] }}</td>{% endif %}
+ <td>{{ relay['as']|escape }}</td>{% endif %}
{% else %}
<td>Unknown</td>{% endif %}
{% if relay['as_name'] %}
- <td><a href="https://bgp.he.net/{{ relay['as'] }}" title="{{ relay['as_name'] }}">{{ relay['as_name'] |truncate(length=20) }}</a></td>
+ <td><a href="https://bgp.he.net/{{ relay['as']|escape }}" title="{{ relay['as_name']|escape }}">{{ relay['as_name']|escape|truncate(length=20) }}</a></td>
{% else %}
<td>Unknown</td>{% endif %}
{% if relay['country'] %}{% if deactivate != 'country' %}
- <td><a href="{{ path_prefix }}country/{{ relay['country'] }}/"><img src="{{ path_prefix }}static/images/cc/{{ relay['country'] }}.png" title="{{ relay['country_name'] }}" alt="{{ relay['country_name'] }}"></a></td>
+ <td><a href="{{ path_prefix }}country/{{ relay['country']|escape }}/"><img src="{{ path_prefix }}static/images/cc/{{ relay['country']|escape }}.png" title="{{ relay['country_name']|escape }}" alt="{{ relay['country_name']|escape }}"></a></td>
{% else %}
- <td><img src="{{ path_prefix }}static/images/cc/{{ relay['country'] }}.png" title="{{ relay['country_name'] }}" alt="{{ relay['country_name'] }}"></td>{% endif %}
+ <td><img src="{{ path_prefix }}static/images/cc/{{ relay['country']|escape }}.png" title="{{ relay['country_name']|escape }}" alt="{{ relay['country_name']|escape }}"></td>{% endif %}
{% else %}
<td>X</td>{% endif %}
{% if deactivate != 'platform' %}
- <td><a href="{{ path_prefix }}platform/{{ relay['platform'] }}/">{{ relay['platform'] }}</a></td>
+ <td><a href="{{ path_prefix }}platform/{{ relay['platform']|escape }}/">{{ relay['platform']|escape }}</a></td>
{% else %}
- <td>{{ relay['platform'] }}</td>{% endif %}
+ <td>{{ relay['platform']|escape }}</td>{% endif %}
- <td>{% for flag in relay['flags'] %}{% if flag != 'StaleDesc' %}<img src="{{ path_prefix}}static/images/flags/{{ flag.lower() }}.png" title="{{ flag }}" alt="{{ flag }}"> {% endif %}{% endfor %}</td>
+ <td>{% for flag in relay['flags'] %}{% if flag != 'StaleDesc' %}<img src="{{ path_prefix}}static/images/flags/{{ flag.lower()|escape }}.png" title="{{ flag|escape }}" alt="{{ flag|escape }}"> {% endif %}{% endfor %}</td>
{% if relay['running'] %}
<td class="visible-md visible-lg"><font color="green">True</font></td>
{% else %}
<td class="visible-md visible-lg"><font color="red">False</font></td>{% endif %}
- <td class="visible-md visible-lg">{{ relay['first_seen'].split(' ', 1)[0] }}</td>
+ <td class="visible-md visible-lg">{{ relay['first_seen'].split(' ', 1)[0]|escape }}</td>
</tr>
{% endfor %}
</tbody>
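Review bot: In the AS-name cell the new filter order `relay['as_name']|escape|truncate(length=20)` truncates the already-escaped text. The 20-character limit then counts entity characters, and the cut can land inside an entity such as `&amp;`, leaving a partial reference in the output. Truncating first and escaping last avoids both problems: `{{ relay['as_name']|truncate(length=20)|escape }}`. The table row and the loop this hunk belongs to start outside the hunk.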