fix: WTF is that twig.js? I'm dissapointed by you.

Is HTML escaping really disabled by default? I can't believe that.
Matthieu Bessat 2020-08-11 12:06:33 +02:00
parent bbd822c0b8
commit ac777ca506
4 changed files with 43 additions and 43 deletions


@ -51,7 +51,7 @@ export default class PublicController {
return {
_id: o._id,
name: version.name,
description: version.descriptionShort.replace(/\n/g, ' ').replace(/\"/g, '\\"'),
description: version.descriptionShort.replace(/\n/g, ' '),
thumbnail: version.thumbnail.key,
tags: version.tags === null ? 'tags_not_found' : version.tags,
slug: o.get('slugs')[o.get('slugs').length -1]
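Review bot: With the manual `\"` escaping gone from `description`, this mapper returns raw text, and nothing at this site says where the encoding now happens. A short comment above the `description` line would stop someone re-adding ad-hoc escaping, for example `// raw text on purpose: encoding happens at render time (escape('js') in the template)`, assuming this object is what ends up in `organizationsJSON`. Separately, `version.descriptionShort.replace(...)` is called unconditionally while `version.tags` on the line below is null-checked, so a version without a short description would throw here if that field can be null. The enclosing function starts and ends outside the hunk.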


@ -4,7 +4,7 @@
<meta name="description" content="Découvrez la riche vie associative autour de Gaillon-Aubevoye grâce à au forum virtuel mit en place par l'Espace Condorcet" />
<meta name="keywords" content="associations,condorcet,espace condorcet,gaillon,aubevoye,forum,virtuel,centre social,village des associations" />
<meta property="og:title" content="Forum virtuel des associations">
<meta property="og:title" content="Forum virtuel des associations 2020">
<meta property="og:description" content="Découvrez la riche vie associative autour de Gaillon-Aubevoye grâce à au forum virtuel mit en place par l'Espace Condorcet">
<meta property="og:image" content="/imgs/espace_condorcet_logo.jpg">


@ -3,8 +3,8 @@
{% block head %}
<meta name="description" content="Découvrez la riche vie associative autour de Gaillon-Aubevoye grâce à au forum virtuel mit en place par l'Espace Condorcet" />
<meta name="keywords" content="associations,condorcet,espace condorcet,gaillon,aubevoye,forum,virtuel,centre social,village des associations" />
<meta property="og:title" content="Forum virtuel des associations">
<meta property="og:title" content="Forum virtuel des associations 2020">
<meta property="og:description" content="Découvrez la riche vie associative autour de Gaillon-Aubevoye grâce à au forum virtuel mit en place par l'Espace Condorcet">
<meta property="og:image" content="/imgs/espace_condorcet_logo.jpg">
{% endblock %}
@ -55,13 +55,13 @@
<svg aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 {{ tag.icon.width }} {{ tag.icon.height }}">
<path
fill="currentColor"
d="{{ tag.icon.path }}"
d="{{ tag.icon.path|escape('html') }}"
></path>
</svg>
</div>
<div class="nav-item-content">
<div class="nav-title">
{{ tag.name }}
{{ tag.name|escape('html') }}
</div>
<div class="nav-access">
<svg aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 320 512">
@ -86,7 +86,7 @@
<script>
let mediaBaseUrl = "{{ mediaBaseUrl }}"
let isProposed = {{ isProposed }}
let organizations = JSON.parse(`{{ organizationsJSON }}`)
let organizations = JSON.parse(`{{ organizationsJSON|escape('js') }}`)
</script>
<script src="/scripts/home.js"></script>
{% endblock %}
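Review bot: Escaping each output by hand leaves gaps in the new code: in the last hunk `mediaBaseUrl` and `isProposed` are still printed unescaped inside the `<script>` block, and in the icon hunk `tag.icon.width` / `tag.icon.height` still go into `viewBox` raw. If any of these can carry user- or admin-supplied text they need the same treatment, e.g. `let mediaBaseUrl = "{{ mediaBaseUrl|escape('js') }}"` and `{{ tag.icon.width|escape('html') }}`; where the values come from is not visible here. The same pass in the organization template writes `{{ data.thumbnail.location('html') }}`, which reads as a call rather than a filter and so probably leaves that attribute unescaped; `{{ data.thumbnail.location|e('html') }}` looks like what was meant. If this setup allows it, turning on twig.js's `autoescape` option and keeping `|raw` for the few trusted fields would be less fragile than per-variable filters.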


@ -2,12 +2,12 @@
{% block title %}{{ data.name }}{% endblock %}
{% block head %}
<link rel="stylesheet" href="/styles/organization.css" />
<meta name="description" content="{{ data.descriptionShort }}">
<meta name="description" content="{{ data.descriptionShort|e }}">
{#<meta name="keywords" content="Gaillon,association,">#}
<meta property="og:title" content="{{ data.name }}">
<meta property="og:description" content="{{ data.descriptionShort }}">
<meta property="og:image" content="{{ data.thumbnail.location }}">
<meta property="og:title" content="{{ data.name|e('html') }}">
<meta property="og:description" content="{{ data.descriptionShort|e('html') }}">
<meta property="og:image" content="{{ data.thumbnail.location('html') }}">
{% endblock %}
{% block content %}
<div class="header">
@ -33,7 +33,7 @@
</div>
<div class="cover-title-container">
<h1 class="cover-title">
{{ data.name }}
{{ data.name|escape('html') }}
</h1>
{# <h4 class="cover-sub-title">
Sous titre
@ -85,7 +85,7 @@
{{ data.descriptionLong|raw }}
{% elseif data.cutDescription %}
<div class="description-cutted">
{{ data.descriptionLong }}
{{ data.descriptionLong|raw }}
</div>
<div class="description-actions-container closed">
<button class="btn description-btn">
@ -93,7 +93,7 @@
</button>
</div>
{% else %}
{{ data.descriptionShort }}
{{ data.descriptionShort|escape('html') }}
{% endif %}
</div>
</section>
@ -111,7 +111,7 @@
<div class="schedule-category">
<div class="schedule-category-header" title="Déroulez">
<div class="schedule-category-name">
{{ item.name }} {% if item.description is not empty %}<span class="separator">-</span> {{ item.description }}{% endif %}
{{ item.name|escape('html') }} {% if item.description is not empty %}<span class="separator">-</span> {{ item.description|escape('html') }}{% endif %}
</div>
<svg class="schedule-category-collapse-icon"
aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
@ -133,12 +133,12 @@
{% for when in item.when %}
<div class="schedule-category-day-container">
<div class="schedule-category-day">
{{ when.day }}
{{ when.day|escape('html') }}
</div>
<div class="schedule-category-hours">
{% for i in when.hours %}
<span>
{{ i.from }} <span class="separator">-</span> {{ i.to }}{% if not loop.last %},{% endif %}
{{ i.from|escape('html') }} <span class="separator">-</span> {{ i.to|escape('html') }}{% if not loop.last %},{% endif %}
</span>
{% endfor %}
</div>
@ -163,13 +163,13 @@
{% for item in data.pricing %}
<div class="pricing-card">
<div class="pricing-label">
{{ item.priceLabel }}
{{ item.priceLabel|escape('html') }}
</div>
<div class="pricing-name">
{{ item.name }}
{{ item.name|escape('html') }}
</div>
<div class="pricing-description">
{{ item.description }}
{{ item.description|escape('html') }}
</div>
</div>
{% endfor %}
@ -188,7 +188,7 @@
<div class="people-card">
<div class="people-header">
<div class="people-name">
{{ data.contacts.person }}
{{ data.contacts.person|escape('html') }}
</div>
<div class="people-role">
Responsable
@ -199,8 +199,8 @@
<svg class="people-contact-icon" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<path fill="currentColor" d="M256 8C118.941 8 8 118.919 8 256c0 137.059 110.919 248 248 248 48.154 0 95.342-14.14 135.408-40.223 12.005-7.815 14.625-24.288 5.552-35.372l-10.177-12.433c-7.671-9.371-21.179-11.667-31.373-5.129C325.92 429.757 291.314 440 256 440c-101.458 0-184-82.542-184-184S154.542 72 256 72c100.139 0 184 57.619 184 160 0 38.786-21.093 79.742-58.17 83.693-17.349-.454-16.91-12.857-13.476-30.024l23.433-121.11C394.653 149.75 383.308 136 368.225 136h-44.981a13.518 13.518 0 0 0-13.432 11.993l-.01.092c-14.697-17.901-40.448-21.775-59.971-21.775-74.58 0-137.831 62.234-137.831 151.46 0 65.303 36.785 105.87 96 105.87 26.984 0 57.369-15.637 74.991-38.333 9.522 34.104 40.613 34.103 70.71 34.103C462.609 379.41 504 307.798 504 232 504 95.653 394.023 8 256 8zm-21.68 304.43c-22.249 0-36.07-15.623-36.07-40.771 0-44.993 30.779-72.729 58.63-72.729 22.292 0 35.601 15.241 35.601 40.77 0 45.061-33.875 72.73-58.161 72.73z"></path>
</svg>
<a href="mailto:{{ data.contacts.email }}" class="people-email-content">
{{ data.contacts.email }}
<a href="mailto:{{ data.contacts.email|escape('html') }}" class="people-email-content">
{{ data.contacts.email|escape('html') }}
</a>
</div>
{% if data.contacts.phoneInt is not empty %}
@ -208,8 +208,8 @@
<svg class="people-contact-icon" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<path fill="currentColor" d="M493.4 24.6l-104-24c-11.3-2.6-22.9 3.3-27.5 13.9l-48 112c-4.2 9.8-1.4 21.3 6.9 28l60.6 49.6c-36 76.7-98.9 140.5-177.2 177.2l-49.6-60.6c-6.8-8.3-18.2-11.1-28-6.9l-112 48C3.9 366.5-2 378.1.6 389.4l24 104C27.1 504.2 36.7 512 48 512c256.1 0 464-207.5 464-464 0-11.2-7.7-20.9-18.6-23.4z"></path>
</svg>
<a href="telto:{{ data.contacts.phoneInt }}" class="people-email-content">
{{ data.contacts.phoneSplit }}
<a href="telto:{{ data.contacts.phoneInt|escape('html') }}" class="people-email-content">
{{ data.contacts.phoneSplit|escape('html') }}
</a>
</div>
{% endif %}
@ -219,10 +219,10 @@
<div class="people-card">
<div class="people-header">
<div class="people-name">
{{ people.name }}
{{ people.name|escape('html') }}
</div>
<div class="people-role">
{{ people.role }}
{{ people.role|escape('html') }}
</div>
</div>
<div class="people-contacts">
@ -230,16 +230,16 @@
<svg class="people-contact-icon" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<path fill="currentColor" d="M256 8C118.941 8 8 118.919 8 256c0 137.059 110.919 248 248 248 48.154 0 95.342-14.14 135.408-40.223 12.005-7.815 14.625-24.288 5.552-35.372l-10.177-12.433c-7.671-9.371-21.179-11.667-31.373-5.129C325.92 429.757 291.314 440 256 440c-101.458 0-184-82.542-184-184S154.542 72 256 72c100.139 0 184 57.619 184 160 0 38.786-21.093 79.742-58.17 83.693-17.349-.454-16.91-12.857-13.476-30.024l23.433-121.11C394.653 149.75 383.308 136 368.225 136h-44.981a13.518 13.518 0 0 0-13.432 11.993l-.01.092c-14.697-17.901-40.448-21.775-59.971-21.775-74.58 0-137.831 62.234-137.831 151.46 0 65.303 36.785 105.87 96 105.87 26.984 0 57.369-15.637 74.991-38.333 9.522 34.104 40.613 34.103 70.71 34.103C462.609 379.41 504 307.798 504 232 504 95.653 394.023 8 256 8zm-21.68 304.43c-22.249 0-36.07-15.623-36.07-40.771 0-44.993 30.779-72.729 58.63-72.729 22.292 0 35.601 15.241 35.601 40.77 0 45.061-33.875 72.73-58.161 72.73z"></path>
</svg>
<a href="mailto:{{ people.email }}" class="people-email-content">
{{ people.email }}
<a href="mailto:{{ people.email|escape('html') }}" class="people-email-content">
{{ people.email|escape('html') }}
</a>
</div>
<div class="people-contact phone">
<svg class="people-contact-icon" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<path fill="currentColor" d="M493.4 24.6l-104-24c-11.3-2.6-22.9 3.3-27.5 13.9l-48 112c-4.2 9.8-1.4 21.3 6.9 28l60.6 49.6c-36 76.7-98.9 140.5-177.2 177.2l-49.6-60.6c-6.8-8.3-18.2-11.1-28-6.9l-112 48C3.9 366.5-2 378.1.6 389.4l24 104C27.1 504.2 36.7 512 48 512c256.1 0 464-207.5 464-464 0-11.2-7.7-20.9-18.6-23.4z"></path>
</svg>
<a href="telto:{{ people.phoneInt }}" class="people-email-content">
{{ people.phoneSplit }}
<a href="telto:{{ people.phoneInt|escape('html') }}" class="people-email-content">
{{ people.phoneSplit|escape('html') }}
</a>
</div>
</div>
@ -293,7 +293,7 @@
</div>
<div class="contact-content">
{% for line in data.contacts.address %}
<div>{{ line }}</div>
<div>{{ line|escape('html') }}</div>
{% endfor %}
</div>
</div>
@ -306,8 +306,8 @@
</svg>
</div>
<div class="contact-content">
<a href="{{ data.contacts.website }}">
{{ data.contacts.website }}
<a href="{{ data.contacts.website|escape('html') }}">
{{ data.contacts.website|escape('html') }}
<svg class="external-link" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512">
<path fill="currentColor" d="M432,320H400a16,16,0,0,0-16,16V448H64V128H208a16,16,0,0,0,16-16V80a16,16,0,0,0-16-16H48A48,48,0,0,0,0,112V464a48,48,0,0,0,48,48H400a48,48,0,0,0,48-48V336A16,16,0,0,0,432,320ZM488,0h-128c-21.37,0-32.05,25.91-17,41l35.73,35.73L135,320.37a24,24,0,0,0,0,34L157.67,377a24,24,0,0,0,34,0L435.28,133.32,471,169c15,15,41,4.5,41-17V24A24,24,0,0,0,488,0Z"></path>
</svg>
@ -323,12 +323,12 @@
</svg>
</div>
<div class="contact-content">
<a href="{{ data.contacts.facebook }}">
<a href="{{ data.contacts.facebook|escape('html') }}">
<span class="short">
{{ data.contacts.facebookLabel }}
{{ data.contacts.facebookLabel|escape('html') }}
</span>
<span class="long">
{{ data.contacts.facebook }}
{{ data.contacts.facebook|escape('html') }}
</span>
<svg class="external-link" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512">
<path fill="currentColor" d="M432,320H400a16,16,0,0,0-16,16V448H64V128H208a16,16,0,0,0,16-16V80a16,16,0,0,0-16-16H48A48,48,0,0,0,0,112V464a48,48,0,0,0,48,48H400a48,48,0,0,0,48-48V336A16,16,0,0,0,432,320ZM488,0h-128c-21.37,0-32.05,25.91-17,41l35.73,35.73L135,320.37a24,24,0,0,0,0,34L157.67,377a24,24,0,0,0,34,0L435.28,133.32,471,169c15,15,41,4.5,41-17V24A24,24,0,0,0,488,0Z"></path>
@ -345,12 +345,12 @@
</svg>
</div>
<div class="contact-content">
<a href="{{ data.contacts.instagram }}">
<a href="{{ data.contacts.instagram|escape('html') }}">
<span class="short">
{{ data.contacts.instagramLabel }}
{{ data.contacts.instagramLabel|escape('html') }}
</span>
<span class="long">
{{ data.contacts.instagram }}
{{ data.contacts.instagram|escape('html') }}
</span>
<svg class="external-link" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512">
<path fill="currentColor" d="M432,320H400a16,16,0,0,0-16,16V448H64V128H208a16,16,0,0,0,16-16V80a16,16,0,0,0-16-16H48A48,48,0,0,0,0,112V464a48,48,0,0,0,48,48H400a48,48,0,0,0,48-48V336A16,16,0,0,0,432,320ZM488,0h-128c-21.37,0-32.05,25.91-17,41l35.73,35.73L135,320.37a24,24,0,0,0,0,34L157.67,377a24,24,0,0,0,34,0L435.28,133.32,471,169c15,15,41,4.5,41-17V24A24,24,0,0,0,488,0Z"></path>
@ -367,12 +367,12 @@
</svg>
</div>
<div class="contact-content">
<a href="{{ data.contacts.twitter }}">
<a href="{{ data.contacts.twitter|escape('html') }}">
<span class="short">
{{ data.contacts.twitterLabel }}
{{ data.contacts.twitterLabel|escape('html') }}
</span>
<span class="long">
{{ data.contacts.twitter }}
{{ data.contacts.twitter|escape('html') }}
</span>
<svg class="external-link" aria-hidden="true" focusable="false" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512">
<path fill="currentColor" d="M432,320H400a16,16,0,0,0-16,16V448H64V128H208a16,16,0,0,0,16-16V80a16,16,0,0,0-16-16H48A48,48,0,0,0,0,112V464a48,48,0,0,0,48,48H400a48,48,0,0,0,48-48V336A16,16,0,0,0,432,320ZM488,0h-128c-21.37,0-32.05,25.91-17,41l35.73,35.73L135,320.37a24,24,0,0,0,0,34L157.67,377a24,24,0,0,0,34,0L435.28,133.32,471,169c15,15,41,4.5,41-17V24A24,24,0,0,0,488,0Z"></path>