</style>
<% end %>
<form action="<%= ApplicationController.root_context -%>/dependencies/index" id="search_form">
- <input type="text" name="search" value="<%= params[:search] -%>" id="search_input"> </input>
+ <input type="text" name="search" value="<%= h params[:search] -%>" id="search_input"> </input>
<input type="submit" value="<%= message('dependencies.search_library') -%>" id="search_submit"/><br/>
<p class="small gray"><%= message('dependencies.search_help') -%></p>
</form>
<tbody >
<% @groups.each do |group|%>
<tr id="group-<%= u group.name -%>">
- <td class="left"><%= group.name %></td>
- <td class="left" style="word-break:break-all"><%=group.description%></td>
+ <td class="left"><%= h group.name %></td>
+ <td class="left" style="word-break:break-all"><%= h group.description%></td>
<td class="left">
<span id="count-<%= u group.name -%>"><%= group.users.count %></span> (<%= link_to "select", { :action => 'select_user', :id => group.id}, {:id => "select-#{u group.name}", :class => 'link-action'} %>)
</td>
<h2>Non-members</h2>
<select name="from" id="from" size="30" style="margin: 5px 0pt; width: 300px;" multiple="multiple">
<% @group.available_users.sort.each do |user| %>
- <option value="<%= user.id -%>"><%= user.name -%></option>
+ <option value="<%= user.id -%>"><%= h user.name -%></option>
<% end %>
</select>
</td>
index=0
params.each do |key,value|
%>
- <%= ',' if index>0 -%>"<%= key -%>":"<%= h(value) -%>"
+ <%= ',' if index>0 -%>"<%= h(key) -%>":"<%= h(value) -%>"
<%
index+=1
end
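Review bot: `h(key)` on L31 applies HTML escaping to something that is being emitted as a JSON-style `"key":"value"` member, and that is the wrong encoding for this context — the characters that break a JSON string are `"`, `\` and control characters, yet `h` turns `"` into the literal text `&quot;` for the consumer and leaves backslashes and newlines untouched, so a value containing either still corrupts the structure. If this template emits JSON, encode both sides with the JSON encoder and drop the hand-written quotes: `<%= ',' if index>0 -%><%= key.to_s.to_json -%>:<%= value.to_s.to_json -%>`. If the output instead lands inside an HTML `<script>` block, `to_json` is still the right primitive, but confirm `ActiveSupport::JSON::Encoding.escape_html_entities_in_json` is on so a `</script>` inside a value cannot close the tag. The `<%` block containing this loop opens before the hunk, so the surrounding braces and the response content type are not visible here.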
selected_section = Navigation::SECTION_HOME
end
@project=@resource unless @project || selected_section==Navigation::SECTION_HOME
- period_param = "period=#{params[:period]}" if params[:period]
+ period_param = "period=#{h(params[:period])}" if params[:period]
%>
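Review bot: `h(params[:period])` on L39 HTML-escapes a value that is being used as a query-string component, which is the wrong encoding for that position: `#`, `=` and a plain `&` (rendered as `&amp;`, which a browser decodes back to `&` inside an `href`) pass through and can still split the query or inject extra parameters. Percent-encode it instead — `period_param = "period=#{u params[:period]}" if params[:period]` — the encoded result is also safe to place in an HTML attribute with no further escaping. Where `period_param` is consumed lies outside this hunk, so check that it is not passed through `h` a second time (double-encoding) or dropped raw into a JavaScript string. The enclosing `<%` block starts before L35.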
<div id="container">
<%= yield :header -%>
applyOptions = function (elt) {
var currentForm = $j(elt).closest('.options-form');
var params = currentForm.serialize();
- var url = '<%= ApplicationController.root_context -%>/resource/index/<%= @resource.key %>?display_title=<%= params[:display_title].to_s -%>&'+ params;
+ var url = '<%= ApplicationController.root_context -%>/resource/index/<%= h @resource.key %>?display_title=<%= h params[:display_title].to_s -%>&'+ params;
openAccordionItem(url, elt, true);
return true;
};
</script>
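Review bot: On L47 the two interpolations sit inside a single-quoted JavaScript string literal, and HTML escaping does not protect that context — the browser does not decode entities inside `<script>`, and depending on the Rails version `h` may leave `'` unescaped, so a `display_title` containing a single quote terminates the literal and the remainder of the parameter runs as script. `display_title` is a query value, so percent-encode it, `display_title=<%= u params[:display_title].to_s -%>`, which is safe in both the URL and the JS string. For the path segment, prefer building the URL with `url_for` as the form `action` on L52 already does, or at least wrap the key in `escape_javascript`; `u` alone would encode any `/` in the key and could change routing. Whether the page is served under a CSP that forbids inline scripts is not visible here.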
<form method="GET" action="<%= url_for :controller => 'resource', :action => 'index', :id => @resource.key -%>" class="options-form">
- <input type="hidden" name="tab" value="<%= params[:tab] -%>"/>
- <input type="hidden" name="metric" value="<%= params[:metric] -%>"/>
- <input type="hidden" name="period" value="<%= params[:period] -%>"/>
+ <input type="hidden" name="tab" value="<%= h params[:tab] -%>"/>
+ <input type="hidden" name="metric" value="<%= h params[:metric] -%>"/>
+ <input type="hidden" name="period" value="<%= h params[:period] -%>"/>
<table>
<tr>