From 0983cf45cd0494a80f7c9d16e75a240289165e56 Mon Sep 17 00:00:00 2001
From: Jordan
Date: Mon, 2 Sep 2019 17:49:33 -0700
Subject: ensure HTML safety of onionoo-provided strings

---
 tor-metrics/templates/as.html | 6 ++---
 tor-metrics/templates/country.html | 10 +++----
 tor-metrics/templates/effective_family.html | 6 ++---
 tor-metrics/templates/platform.html | 6 ++---
 tor-metrics/templates/relay-info.html | 42 ++++++++++++++---------------
 tor-metrics/templates/relay-list.html | 24 ++++++++---------
 6 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/tor-metrics/templates/as.html b/tor-metrics/templates/as.html
index 6021dfa..8b7c93d 100644
--- a/tor-metrics/templates/as.html
+++ b/tor-metrics/templates/as.html
@@ -1,4 +1,4 @@
 {% extends "relay-list.html" %}
-{% block title %}Tor Relays :: {{ relays[0]['as'] }}{% endblock %}
-{% block header %}Home :: {{ relays[0]['as'] }}{% endblock %}
-{% block description %}{{ relays[0]['as'] }} ({{ relays[0]['as_name']}}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['as']|escape }}{% endblock %}
+{% block header %}Home :: {{ relays[0]['as']|escape }}{% endblock %}
+{% block description %}{{ relays[0]['as']|escape }} ({{ relays[0]['as_name']|escape }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/country.html b/tor-metrics/templates/country.html
index 43db3c3..8dcb40d 100644
--- a/tor-metrics/templates/country.html
+++ b/tor-metrics/templates/country.html
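Review bot: Every `|escape` added in this hunk is opt-in per expression, so any `{{ }}` that is missed now, or added to these templates later, renders onionoo-supplied text raw again; the same applies to the country.html, effective_family.html, platform.html, relay-info.html and relay-list.html hunks below. The durable fix is to turn autoescaping on for the Jinja environment that loads these templates, e.g. `Environment(..., autoescape=select_autoescape(['html']))`, and keep the explicit filters as defence in depth — `escape` returns already-escaped `Markup` unchanged, so the two layers do not double-encode. `{{ bandwidth }}` is left unfiltered in the description block; that is fine only if it is always the number computed by the view, which this patch does not show. The environment setup is outside this patch.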
@@ -1,9 +1,9 @@
 {% extends "relay-list.html" %}
 {% if relays[0]['country_name'] in special_countries %}
- {% set country_name = 'The ' + relays[0]['country_name'] %}
+ {% set country_name = 'The ' + relays[0]['country_name']|escape %}
 {% else %}
- {% set country_name = relays[0]['country_name'] %}
+ {% set country_name = relays[0]['country_name']|escape %}
 {% endif %}
-{% block title %}Tor Relays :: {{ relays[0]['country_name'] }}{% endblock %}
-{% block header %}Home :: {{ relays[0]['country_name'] }}{% endblock %}
-{% block description %}{{ country_name }} ({{ relays[0]['country'] }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['country_name']|escape }}{% endblock %}
+{% block header %}Home :: {{ relays[0]['country_name']|escape }}{% endblock %}
+{% block description %}{{ country_name }} ({{ relays[0]['country']|escape }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/effective_family.html b/tor-metrics/templates/effective_family.html
index ce85133..7bd2c47 100644
--- a/tor-metrics/templates/effective_family.html
+++ b/tor-metrics/templates/effective_family.html
@@ -1,4 +1,4 @@
 {% extends "relay-list.html" %}
-{% block title %}Tor Relays :: Family {{ family }}{% endblock %}
-{% block header %}Home :: Family {{ family }}{% endblock %}
-{% block description %}Relays with effective family member {{ family }} are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: Family {{ family|escape }}{% endblock %}
+{% block header %}Home :: Family {{ family|escape }}{% endblock %}
+{% block description %}Relays with effective family member {{ family|escape }} are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/platform.html b/tor-metrics/templates/platform.html
index 84aace2..8743b76 100644
--- a/tor-metrics/templates/platform.html
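Review bot: In the two `{% set country_name = ... %}` lines of the country.html hunk the filter binds only to `relays[0]['country_name']` (the intended operand), but the variable is then emitted as `{{ country_name }}` in the description block with no filter, so the safety of that output depends on the `'The ' + ...` concatenation preserving the `Markup` type rather than on anything visible at the output site; it should, but it is fragile and hard to audit. Escaping where the value is rendered is the clearer contract: `{% block description %}{{ country_name|escape }} ({{ relays[0]['country']|escape }}) is responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}` — `escape` is idempotent on `Markup`, so this cannot double-encode. The effective_family.html hunk on the same line applies `|escape` to every use of `family` and needs no further change.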
+++ b/tor-metrics/templates/platform.html
@@ -1,4 +1,4 @@
 {% extends "relay-list.html" %}
-{% block title %}Tor Relays :: {{ relays[0]['platform'] }}{% endblock %}
-{% block header %}Home :: {{ relays[0]['platform'] }}{% endblock %}
-{% block description %}{{ relays[0]['platform'] }} systems are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
+{% block title %}Tor Relays :: {{ relays[0]['platform']|escape }}{% endblock %}
+{% block header %}Home :: {{ relays[0]['platform']|escape }}{% endblock %}
+{% block description %}{{ relays[0]['platform']|escape }} systems are responsible for ~{{ bandwidth }} MB/s of traffic.{% endblock %}
diff --git a/tor-metrics/templates/relay-info.html b/tor-metrics/templates/relay-info.html
index be01cea..78af670 100644
--- a/tor-metrics/templates/relay-info.html
+++ b/tor-metrics/templates/relay-info.html
@@ -7,7 +7,7 @@
Nickname
-
{{ relay['nickname'] }}
+
{{ relay['nickname']|escape }}
OR Address
{% for address in relay['or_addresses'] -%}
@@ -24,14 +24,14 @@
 
             
Dir Address
{% if relay['dir_address'] %} -
{{ relay['dir_address'] }}
+
{{ relay['dir_address']|escape }}
{% else %}
none
{% endif %}
Exit Address
{% if relay['exit_address'] %} -
{{ relay['exit_address'] }}
+
{{ relay['exit_address']|escape }}
{% else %}
none
{% endif %} @@ -48,7 +48,7 @@ {% if relay['exit_policy_summary'] -%} {%- set v4_summary = relay['exit_policy_summary'].items() -%}
{% for key, value in v4_summary -%}
-                    {{ key }}: {{ value[0] }}
+                    {{ key|escape }}: {{ value[0]|escape }}
                 {% endfor -%}
                 
{% else -%} @@ -61,7 +61,7 @@ {% if relay['exit_policy_v6_summary'] -%} {%- set v6_summary = relay['exit_policy_v6_summary'].items() -%}
{% for key, value in v6_summary -%}
-                    {{ key }}: {{ value[0] }}
+                    {{ key|escape }}: {{ value[0]|escape }}
                 {% endfor -%}
                 
{% else -%} @@ -71,20 +71,20 @@
Exit Policy
{% for policy in relay['exit_policy'] -%}
-                {{ policy }}
+                {{ policy|escape }}
             {% endfor -%}
             
{% if relay['effective_family']|length > 1 -%} -
Effective Family Members (view)
+
Effective Family Members (view)
{% else %}
Effective Family Members
{% endif %}
{% for e_relay in relay['effective_family'] -%}
                 {% if relay['effective_family']|length > 1 -%}
-                {{ e_relay }}
+                {{ e_relay|escape }}
                 {% else -%}
-                {{ e_relay }}
+                {{ e_relay|escape }}
                 {% endif -%}
             {% endfor -%}
             
@@ -94,9 +94,9 @@ {% if relay['alleged_family'] %}
{% for a_relay in relay['alleged_family'] -%}
                     {% if relay['alleged_family']|length > 1 -%}
-                    {{ a_relay }}
+                    {{ a_relay|escape }}
                     {% else -%}
-                    {{ a_relay }}
+                    {{ a_relay|escape }}
                     {% endif -%}
                 {% endfor %}
             {% else -%}
@@ -108,13 +108,13 @@
     
Fingerprint
-
{{ relay['fingerprint'] }}
+
{{ relay['fingerprint']|escape }}
Flags
{% for flag in relay['flags'] %} {% if flag != 'StaleDesc' %} - {{ flag }} {{ flag }} + {{ flag|escape }} {{ flag|escape }} {% endif %} {% endfor %}
@@ -122,7 +122,7 @@
Host Name
{% if relay['verified_host_names'] -%} -
{{ relay['verified_host_names'][0] }}
+
{{ relay['verified_host_names'][0]|escape }}
{% else -%}
none
{% endif -%} @@ -130,7 +130,7 @@
Country
{% if relay['country'] -%} - {{ relay['country_name'] }} {{ relay['country_name'] }} + {{ relay['country_name']|escape }} {{ relay['country_name']|escape }} {% else -%} unknown {% endif %} @@ -139,7 +139,7 @@
AS Number
{% if relay['as'] %} - {{ relay['as'] }} + {{ relay['as']|escape }} {% else %} unknown {% endif %} @@ -147,22 +147,22 @@
AS Name
{% if relay['as_name'] -%} - {{ relay['as_name'] }} (BGP) + {{ relay['as_name']|escape }} (bgp) {% else -%} unknown {% endif -%}
First Seen
-
{{ relay['first_seen'] }}
+
{{ relay['first_seen']|escape }}
Last Restarted
-
{{ relay['last_restarted'] }}
+
{{ relay['last_restarted']|escape }}
Consensus Weight
-
{{ relay['consensus_weight_fraction'] }} ({{ relay['consensus_weight'] }})
+
{{ relay['consensus_weight_fraction']|escape }} ({{ relay['consensus_weight']|escape }})
Platform
-
{{ relay['platform'] }}
+
{{ relay['platform']|escape }}
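Review bot: The AS Name line in this hunk also changes the visible label from `(BGP)` to `(bgp)`, which is unrelated to the escaping fix and not mentioned in the subject; it belongs in its own commit or at least in the message. `|escape` on `consensus_weight_fraction`, `consensus_weight`, `first_seen` and `last_restarted` is harmless (non-strings are stringified first) but also signals that the numeric/timestamp fields are being treated as untrusted text, which is reasonable given they come from the same feed. The surrounding element markup is not preserved in this rendering of the patch, so it cannot be confirmed here whether any of these values — the fingerprint, the repeated `flag` and `country_name` expressions in the earlier hunks of this file — is also placed inside an attribute such as `href` or `src`; `escape` is the right filter for text and quoted attribute values, but it does not validate a URL, so any such site deserves a separate look.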
diff --git a/tor-metrics/templates/relay-list.html b/tor-metrics/templates/relay-list.html index ec81115..342bb86 100644 --- a/tor-metrics/templates/relay-list.html +++ b/tor-metrics/templates/relay-list.html @@ -27,45 +27,45 @@ {% set obs_bandwidth = '%s %s'|format((relay['observed_bandwidth'] / 1000)|round(2, 'common'), 'KB/s') %}{% endif %} {% if deactivate != 'family' and relay['effective_family']|length > 1 %} - {{ relay['nickname'] }} ({{ relay['effective_family']|length }}) + {{ relay['nickname']|escape }} ({{ relay['effective_family']|length }}) {% else %} - {{ relay['nickname'] }}{% endif %} + {{ relay['nickname']|escape }}{% endif %} {{ obs_bandwidth }} - {{ relay['or_addresses'][0].split(':', 1)[0] }} + {{ relay['or_addresses'][0].split(':', 1)[0]|escape }} {% if relay['as'] %}{% if deactivate != 'as' %} - {{ relay['as'] }} + {{ relay['as']|escape }} {% else %} - {{ relay['as'] }}{% endif %} + {{ relay['as']|escape }}{% endif %} {% else %} Unknown{% endif %} {% if relay['as_name'] %} - {{ relay['as_name'] |truncate(length=20) }} + {{ relay['as_name']|escape|truncate(length=20) }} {% else %} Unknown{% endif %} {% if relay['country'] %}{% if deactivate != 'country' %} - {{ relay['country_name'] }} + {{ relay['country_name']|escape }} {% else %} - {{ relay['country_name'] }}{% endif %} + {{ relay['country_name']|escape }}{% endif %} {% else %} X{% endif %} {% if deactivate != 'platform' %} - {{ relay['platform'] }} + {{ relay['platform']|escape }} {% else %} - {{ relay['platform'] }}{% endif %} + {{ relay['platform']|escape }}{% endif %} - {% for flag in relay['flags'] %}{% if flag != 'StaleDesc' %}{{ flag }} {% endif %}{% endfor %} + {% for flag in relay['flags'] %}{% if flag != 'StaleDesc' %}{{ flag|escape }} {% endif %}{% endfor %} {% if relay['running'] %} True {% else %} False{% endif %} - {{ relay['first_seen'].split(' ', 1)[0] }} + {{ relay['first_seen'].split(' ', 1)[0]|escape }} {% endfor %} -- cgit v1.2.3-54-g00ecf
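Review bot: `{{ relay['as_name']|escape|truncate(length=20) }}` truncates the escaped text, so the 20-character budget is spent on entity sequences such as `&amp;` and the cut can land inside one, leaving a dangling fragment like `&am` in the output. Reversing the order, `{{ relay['as_name']|truncate(length=20)|escape }}`, truncates the original name and then escapes the result, which is both well-formed and what a reader expects the length to mean. The rest of the hunk applies `|escape` uniformly; `{{ obs_bandwidth }}` stays unfiltered and is the formatted number built by the `{% set obs_bandwidth ... %}` at the top of the hunk, so that is fine as long as that `set` remains the only assignment.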