From 65d859251d74f7800d6c08d14b1cc5f516b5be4f Mon Sep 17 00:00:00 2001
From: Sean McArthur <sean.monstar@gmail.com>
Date: Fri, 7 Sep 2012 14:47:23 -0700
Subject: [PATCH] updating templates, since <%= escapes content by default now

---
 resources/static/dialog/views/authenticate.ejs        | 4 ++--
 resources/static/dialog/views/confirm_email.ejs       | 4 ++--
 resources/static/dialog/views/error.ejs               | 2 +-
 resources/static/dialog/views/required_email.ejs      | 2 +-
 resources/static/dialog/views/rp_info.ejs             | 2 +-
 resources/static/dialog/views/set_password.ejs        | 2 +-
 resources/static/dialog/views/verify_primary_user.ejs | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/resources/static/dialog/views/authenticate.ejs b/resources/static/dialog/views/authenticate.ejs
index 285c4f58a..99e82cad3 100644
--- a/resources/static/dialog/views/authenticate.ejs
+++ b/resources/static/dialog/views/authenticate.ejs
@@ -4,7 +4,7 @@
 
   <div class="form_section">
       <p class="start">
-          <%= format(gettext('%s uses Persona instead of usernames to sign you in.'), ["<strong>" + siteName +"</strong>"]) %>
+          <%- format(gettext('%s uses Persona instead of usernames to sign you in.'), ["<strong>" + escape(siteName) +"</strong>"]) %>
 
       </p>
 
@@ -58,7 +58,7 @@
 
 
       <p class="submit tospp">
-         <%= format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
+         <%- format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
                     { site: "Persona",
                       terms: 'href="https://login.persona.org/tos" target="_new"',
                       privacy: 'href="https://login.persona.org/privacy" target="_new"' }) %>
diff --git a/resources/static/dialog/views/confirm_email.ejs b/resources/static/dialog/views/confirm_email.ejs
index a796667bc..853019e62 100644
--- a/resources/static/dialog/views/confirm_email.ejs
+++ b/resources/static/dialog/views/confirm_email.ejs
@@ -5,10 +5,10 @@
     <h2><%= gettext('Confirm your email address') %></h2>
 
     <p>
-      <%= format(gettext('Check your email at %s.'), ["<strong>" + email + "</strong>"]) %>
+      <%- format(gettext('Check your email at %s.'), ["<strong>" + escape(email) + "</strong>"]) %>
     </p>
 
     <p>
-      <%= format(gettext('Click the link in the confirmation email. You\'ll then immediately be signed in to %s.'), ["<strong>" + siteName + "</strong>"]) %>
+      <%- format(gettext('Click the link in the confirmation email. You\'ll then immediately be signed in to %s.'), ["<strong>" + escape(siteName) + "</strong>"]) %>
     </p>
 
diff --git a/resources/static/dialog/views/error.ejs b/resources/static/dialog/views/error.ejs
index 14f7c8f39..c32abe179 100644
--- a/resources/static/dialog/views/error.ejs
+++ b/resources/static/dialog/views/error.ejs
@@ -13,7 +13,7 @@
     <h2 id="error_403">
       <%= gettext("Persona requires cookies to remember you.") %>
     </h2>
-    <%= format(gettext("Please close this window, <a %s>enable cookies</a> and try again"), [" target='_blank' href='http://support.mozilla.org/kb/Websites%20say%20cookies%20are%20blocked'"]) %>
+    <%- format(gettext("Please close this window, <a %s>enable cookies</a> and try again"), [" target='_blank' href='http://support.mozilla.org/kb/Websites%20say%20cookies%20are%20blocked'"]) %>
   <% } else if(typeof title === "string") { %>
     <h2>
       <span class="emphasis"><%= title %></span>
diff --git a/resources/static/dialog/views/required_email.ejs b/resources/static/dialog/views/required_email.ejs
index 500327fbf..2934b4298 100644
--- a/resources/static/dialog/views/required_email.ejs
+++ b/resources/static/dialog/views/required_email.ejs
@@ -63,7 +63,7 @@
           </p>
           <% if (personaTOSPP) { %>
             <p class="tospp">
-               <%= format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
+               <%- format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
                           { site: "Persona",
                             terms: 'href="https://login.persona.org/tos" target="_new"',
                             privacy: 'href="https://login.persona.org/privacy" target="_new"' }) %>
diff --git a/resources/static/dialog/views/rp_info.ejs b/resources/static/dialog/views/rp_info.ejs
index 4ae1e5a07..43a4b3140 100644
--- a/resources/static/dialog/views/rp_info.ejs
+++ b/resources/static/dialog/views/rp_info.ejs
@@ -19,7 +19,7 @@
 
 <% if(privacyPolicy && termsOfService) { %>
   <p id="rptospp" class="tospp">
-    <%= format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
+    <%- format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
                {
                  terms: 'href="' + termsOfService + '" id="rp_tos" target="_blank"',
                  privacy: 'href="' + privacyPolicy + '" id="rp_pp" target="_blank"',
diff --git a/resources/static/dialog/views/set_password.ejs b/resources/static/dialog/views/set_password.ejs
index 74a75f3d1..ed213f783 100644
--- a/resources/static/dialog/views/set_password.ejs
+++ b/resources/static/dialog/views/set_password.ejs
@@ -71,7 +71,7 @@
 
       <% if (personaTOSPP) { %>
         <p id="persona_tospp" class="submit tospp">
-            <%= format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
+            <%- format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
                        { site: "Persona",
                          terms: 'href="https://login.persona.org/tos" target="_new"',
                          privacy: 'href="https://login.persona.org/privacy" target="_new"' }) %>
diff --git a/resources/static/dialog/views/verify_primary_user.ejs b/resources/static/dialog/views/verify_primary_user.ejs
index 695924ac8..76f26652e 100644
--- a/resources/static/dialog/views/verify_primary_user.ejs
+++ b/resources/static/dialog/views/verify_primary_user.ejs
@@ -22,7 +22,7 @@
 
     <% if (personaTOSPP) { %>
       <p id="persona_tospp" class="submit tospp">
-         <%= format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
+         <%- format(gettext("By proceeding, you agree to %(site)'s <a %(terms)>Terms</a> and <a %(privacy)>Privacy Policy</a>."),
                     { site: "Persona",
                       terms: 'href="https://login.persona.org/tos" target="_new"',
                       privacy: 'href="https://login.persona.org/privacy" target="_new"' }) %>
-- 
GitLab