Issue mozfr#381:

- escape html in result strings in entities view - also fixes bad html in table generation for both string and entities searches - whitespace changes
pascalchevrel · Oct 8, 2014 · ff0315c · ff0315c
1 parent 9203ed2
commit ff0315c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 11 deletions.
diff --git a/app/classes/Transvision/ShowResults.php b/app/classes/Transvision/ShowResults.php
@@ -352,9 +352,7 @@ public static function resultsTable($search_results, $recherche, $locale1, $loca
                         &lt;report a bug&gt;
                       </a>
                     </div>
-                  </td>
-                </tr>";
-
+                  </td>";
             } else {
                 $extra_column_rows = '';
             }

diff --git a/app/views/results_entities.php b/app/views/results_entities.php
@@ -1,8 +1,7 @@
 <?php
 namespace Transvision;
 
-
-$table  = "<table class='collapsable'>
+$table = "<table class='collapsable'>
               <tr>
                 <th>Entity</th>
                 <th>{$source_locale}</th>
@@ -21,7 +20,6 @@
     }
 
     if ($url['path'] == '3locales') {
-
         if (isset($tmx_target2[$entity])) {
             // nbsp highlight
             $target_string2 = str_replace(' ', '<span class="highlight-gray"> </span>', $tmx_target2[$entity]);
@@ -34,7 +32,6 @@
         } else {
             $path_locale3 = VersionControl::hgPath($locale2, $check['repo'], $entity);
         }
-
     }
 
     if (isset($tmx_target[$entity])) {
@@ -44,7 +41,10 @@
         $target_string = '';
     }
 
-    $source_string = $tmx_source[$entity];
+    // Escape strings for HTML Display
+    $source_string  = Utils::secureText($tmx_source[$entity]);
+    $target_string  = Utils::secureText($target_string);
+    $target_string2 = Utils::secureText($target_string2);
 
     // 3locales view
     if ($url['path'] == '3locales') {
@@ -61,16 +61,15 @@
 
         $extra_column_rows = "
         <td dir='{$direction3}'>
-            <span class='celltitle'>{$locale3}</span>
+          <span class='celltitle'>{$locale2}</span>
             <div class='string'>{$target_string2}</div>
             <div dir='ltr' class='infos'>
               <a class='source_link' href='{$path_locale3}'>
                 <em>&lt;source&gt;</em>
               </a>
               {$file_bug}
             </div>
-          </td>
-        </tr>";
+        </td>";
 
     } else {
         $extra_column_rows = '';