
Better HTML escaping, robots.txt to prevent indexing of the API.

1 parent f4f3f47 commit 41c734a53972d22e35a61dd0f5ba8638215a53ae Tim Burks committed Nov 30, 2008
Showing with 26 additions and 9 deletions.
  1. +4 −0 app.yaml
  2. +11 −0 models.py
  3. +2 −0 static/robots.txt
  4. +1 −0 templates/base.html
  5. +5 −5 templates/biglist.html
  6. +3 −4 templates/radar-view.html
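--- a/app.yaml
+++ b/app.yaml
@@ -8,6 +8,10 @@ handlers:
 static_files: static/favicon.ico
 upload: static/favicon.ico
+- url: /robots.txt
+ static_files: static/robots.txt
+ upload: static/robots.txt
+
 - url: /css
 static_dir: static/css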
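--- a/models.py
+++ b/models.py
@@ -95,3 +95,14 @@ def deleteOrBlank(self):
 self.delete()
 return "deleted"
+class Profile(db.Model):
+ name = db.StringProperty() # screen name
+ twitter = db.StringProperty() # twitter id
+ user = db.UserProperty()
+ radar_count = db.IntegerProperty()
+
+class Bump(db.Model):
+ radar = db.ReferenceProperty(Radar) # users can bump radars to raise their profile
+ user = db.UserProperty() # the bumping user
+ created = db.DateTimeProperty() # when the bump was added
+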
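Review bot: `Bump.created` is declared as a bare `db.DateTimeProperty()` and `Profile.radar_count` as a bare `db.IntegerProperty()`, so both stay `None` until some caller sets them, and no caller is visible in this commit. Declaring them as `created = db.DateTimeProperty(auto_now_add=True)` and `radar_count = db.IntegerProperty(default=0)` makes the timestamp server-assigned and lets the counter be incremented without a None check. The comment on `radar` ("users can bump radars to raise their profile") describes the class rather than the field and would read better as a docstring on `Bump`. `Profile.name` and `Profile.twitter` look user-supplied, so any template that renders them needs `|escape`, like the radar fields touched in this commit.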
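--- a/static/robots.txt
+++ b/static/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /api/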
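Review bot: `Disallow: /api/` only asks cooperating crawlers not to fetch those URLs; it is not an access control, and it publishes the path to anyone who reads the file. If any API response should not be public, that has to be enforced in the API handlers, which are not part of this commit. A disallowed URL can also still be listed in search results when other pages link to it. If the goal is strictly to keep responses out of indexes, an `X-Robots-Tag: noindex` response header is the more reliable signal, but crawlers only see it on URLs they are allowed to fetch, so it cannot be combined with this `Disallow` for the same paths.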
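--- a/templates/base.html
+++ b/templates/base.html
@@ -2,6 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+{% block meta-description %}{% endblock %}
 <link href="/css/screen.css" rel="stylesheet" type="text/css"/>
 <script src="/js/jquery-1.2.6.min.js" type="text/javascript" charset="utf-8"></script>
 {%block additionalincludes %}{%endblock%}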
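Review bot: The new `{% block meta-description %}` is an empty slot inside `<head>`, and no template in this commit fills it, so how child templates will populate it cannot be checked here. Because this commit escapes variables one at a time with `|escape`, a child template that builds a description from radar fields must escape them as well, for example `content="{{ radar.title|escape }}"`, otherwise a quote in the value closes the attribute. A template comment beside the block, such as `{# child templates: escape every variable placed in this block #}`, would make that requirement visible. The block name is also the only hyphenated one; the others visible here are `additionalincludes`, `title` and `content`.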
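--- a/templates/biglist.html
+++ b/templates/biglist.html
@@ -4,12 +4,12 @@
 {% for radar in radars %}
 <tr>
 <td>
-<a href="rdar://problem/{{ radar.number }}">rdar</a>://<a href="/{{ radar.number }}">{{ radar.number }}</a>
+<a href="rdar://problem/{{ radar.number|escape }}">rdar</a>://<a href="/{{ radar.number|escape }}">{{ radar.number|escape }}</a>
 </td>
-<td>{{ radar.status }}</td>
-<td>{{ radar.username }}</td>
-<td>{{ radar.product }}</td>
-<td><a href="/{{ radar.number }}">{{ radar.title }}</a></td>
+<td>{{ radar.status|escape }}</td>
+<td>{{ radar.username|escape }}</td>
+<td>{{ radar.product|escape }}</td>
+<td><a href="/{{ radar.number }}">{{ radar.title|escape }}</a></td>
 </tr>
 {% endfor %}
 {% endif %}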
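Review bot: The title link in the last cell still puts `radar.number` into the `href` without `|escape`, although the first cell of the same row now escapes it; the line should read `<td><a href="/{{ radar.number|escape }}">{{ radar.title|escape }}</a></td>`. The same gap remains in templates/radar-view.html, where `<a href="/{{radar.number}}">` is unescaped and the context lines print `radar.originated|default_if_none:""` and `radar.status|default_if_none:""` with no `|escape`, even though `radar.status` is escaped in this file. With per-variable escaping, every missed occurrence stays a stored-XSS sink if these fields hold user-submitted text, which the templates suggest but the handlers are not shown. The enclosing `{% if %}` and the table start outside this hunk.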
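--- a/templates/radar-view.html
+++ b/templates/radar-view.html
@@ -4,22 +4,21 @@
 <script src="/js/comments.js" type="text/javascript" charset="utf-8"></script>
 {% endblock %}
-
-{% block title %}rdar://{{ radar.number }}: {{ radar.title|escape }}{% endblock %}
+{% block title %}rdar://{{ radar.number|escape }}: {{ radar.title|escape }}{% endblock %}
 {% block content %}
 <h3>{{ radar.title|escape }}</h3>
 <div>
 <table>
-<tr><td>Originator:</td><td style="min-width:200px">{{ radar.username }}</td>
+<tr><td>Originator:</td><td style="min-width:200px">{{ radar.username|escape }}</td>
 {% if mine %}
 <td><a href="/myradars/edit?id={{ radar.key.id }}">Modify My Radar</a></td>
 {% else %}
 <td></td>
 {% endif %}
 </tr>
-<tr><td>Number:</td><td><a href="rdar://problem/{{ radar.number }}">rdar</a>://<a href="/{{radar.number}}">{{ radar.number }}</a></td>
+<tr><td>Number:</td><td><a href="rdar://problem/{{ radar.number|escape }}">rdar</a>://<a href="/{{radar.number}}">{{ radar.number|escape }}</a></td>
 <td>Date Originated:</td><td>{{ radar.originated|default_if_none:"" }}</td></tr>
 <tr><td>Status:</td><td>{{ radar.status|default_if_none:"" }}</td>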
