Fixes XSS, clickjacking & password autocompletion
import ( | import ( | ||||
"fmt" | "fmt" | ||||
"html" | |||||
"html/template" | "html/template" | ||||
"io" | "io" | ||||
"net/http" | "net/http" | ||||
} | } | ||||
} | } | ||||
ctx.Data["CsrfToken"] = x.GetToken() | |||||
ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + x.GetToken() + `">`) | |||||
ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`) | |||||
ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken()) | |||||
ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`) | |||||
log.Debug("Session ID: %s", sess.ID()) | log.Debug("Session ID: %s", sess.ID()) | ||||
log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"]) | log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"]) | ||||
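Review bot: Escaping the token at the point it is stored, `ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())`, changes the value every consumer of `CsrfToken` sees rather than only the hand-built hidden input: a template reference such as `{{.CsrfToken}}` is escaped a second time by html/template's contextual escaping, and any non-HTML consumer of that key would receive an altered token should the token ever contain `&`, `<` or `"`. Keeping the raw token in `ctx.Data["CsrfToken"] = x.GetToken()` and escaping only inside the `CsrfTokenHtml` concatenation, with `html.EscapeString(x.GetToken())` in place of `ctx.Data["CsrfToken"].(string)`, gives the same XSS protection without touching the data value. `X-Frame-Options: SAMEORIGIN` is the right clickjacking mitigation here; if nothing else in the project sets one, a `Content-Security-Policy: frame-ancestors 'self'` header alongside it covers browsers that give CSP precedence. The unchanged context line `log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])` still writes the token to the debug log, which is worth a follow-up if debug logging can be enabled in production. The enclosing function starts and ends outside the hunk.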
{{if .IsResetForm}} | {{if .IsResetForm}} | ||||
<div class="required inline field {{if .Err_Password}}error{{end}}"> | <div class="required inline field {{if .Err_Password}}error{{end}}"> | ||||
<label for="password">{{.i18n.Tr "password"}}</label> | <label for="password">{{.i18n.Tr "password"}}</label> | ||||
<input id="password" name="password" type="password" value="{{.password}}" autofocus required> | |||||
<input id="password" name="password" type="password" value="{{.password}}" autocomplete="off" autofocus required> | |||||
</div> | </div> | ||||
<div class="ui divider"></div> | <div class="ui divider"></div> | ||||
<div class="inline field"> | <div class="inline field"> |
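Review bot: `autocomplete="off"` on a password input is ignored by current browsers for credential fields, so it will not stop saved passwords from being offered; the values browsers honour are `autocomplete="current-password"` on a login field and `autocomplete="new-password"` where a password is being set, and the latter does suppress autofill of stored credentials. This applies to every password input the commit touches: the reset-form field here, the sign-in field, the sign-up password and retype fields, and the settings form, where `old_password` would take `current-password` and the two new-password fields `new-password`. The new line also keeps `value="{{.password}}"`, which re-renders a submitted password into the page source after a failed attempt; html/template escapes it so it is not an injection vector, but a password echoed into HTML can land in browser caches, history snapshots and proxy logs, and dropping the `value` attribute on the password and retype fields in this hunk and the sign-in and sign-up hunks below avoids that. The surrounding form starts and ends outside the hunk.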
</div> | </div> | ||||
<div class="required inline field {{if .Err_Password}}error{{end}}"> | <div class="required inline field {{if .Err_Password}}error{{end}}"> | ||||
<label for="password">{{.i18n.Tr "password"}}</label> | <label for="password">{{.i18n.Tr "password"}}</label> | ||||
<input id="password" name="password" type="password" value="{{.password}}" required> | |||||
<input id="password" name="password" type="password" value="{{.password}}" autocomplete="off" required> | |||||
</div> | </div> | ||||
<div class="inline field"> | <div class="inline field"> | ||||
<label></label> | <label></label> |
</div> | </div> | ||||
<div class="required inline field {{if .Err_Password}}error{{end}}"> | <div class="required inline field {{if .Err_Password}}error{{end}}"> | ||||
<label for="password">{{.i18n.Tr "password"}}</label> | <label for="password">{{.i18n.Tr "password"}}</label> | ||||
<input id="password" name="password" type="password" value="{{.password}}" required> | |||||
<input id="password" name="password" type="password" value="{{.password}}" autocomplete="off" required> | |||||
</div> | </div> | ||||
<div class="required inline field {{if .Err_Password}}error{{end}}"> | <div class="required inline field {{if .Err_Password}}error{{end}}"> | ||||
<label for="retype">{{.i18n.Tr "re_type"}}</label> | <label for="retype">{{.i18n.Tr "re_type"}}</label> | ||||
<input id="retype" name="retype" type="password" value="{{.retype}}" required> | |||||
<input id="retype" name="retype" type="password" value="{{.retype}}" autocomplete="off" required> | |||||
</div> | </div> | ||||
{{if .EnableCaptcha}} | {{if .EnableCaptcha}} | ||||
<div class="inline field"> | <div class="inline field"> |
{{.CsrfTokenHtml}} | {{.CsrfTokenHtml}} | ||||
<div class="required field {{if .Err_OldPassword}}error{{end}}"> | <div class="required field {{if .Err_OldPassword}}error{{end}}"> | ||||
<label for="old_password">{{.i18n.Tr "settings.old_password"}}</label> | <label for="old_password">{{.i18n.Tr "settings.old_password"}}</label> | ||||
<input id="old_password" name="old_password" type="password" autofocus required> | |||||
<input id="old_password" name="old_password" type="password" autocomplete="off" autofocus required> | |||||
</div> | </div> | ||||
<div class="required field {{if .Err_Password}}error{{end}}"> | <div class="required field {{if .Err_Password}}error{{end}}"> | ||||
<label for="password">{{.i18n.Tr "settings.new_password"}}</label> | <label for="password">{{.i18n.Tr "settings.new_password"}}</label> | ||||
<input id="password" name="password" type="password" required> | |||||
<input id="password" name="password" type="password" autocomplete="off" required> | |||||
</div> | </div> | ||||
<div class="required field {{if .Err_Password}}error{{end}}"> | <div class="required field {{if .Err_Password}}error{{end}}"> | ||||
<label for="retype">{{.i18n.Tr "settings.retype_new_password"}}</label> | <label for="retype">{{.i18n.Tr "settings.retype_new_password"}}</label> | ||||
<input id="retype" name="retype" type="password" required> | |||||
<input id="retype" name="retype" type="password" autocomplete="off" required> | |||||
</div> | </div> | ||||
<div class="field"> | <div class="field"> | ||||
<div class="ui info message"> | <div class="ui info message"> | ||||
<p class="text left">{{$.i18n.Tr "settings.password_change_disabled"}}</p> | <p class="text left">{{$.i18n.Tr "settings.password_change_disabled"}}</p> | ||||
</div> | </div> | ||||
{{end}} | |||||
{{end}} | |||||
</div> | </div> | ||||
</div> | </div> | ||||
</div> | </div> |