This repository has been archived by the owner on May 5, 2022. It is now read-only.

VP-1629: add 'escape' where needed, remove 'escape' where unnecessary (
…#139)

Escaping should be done when showing data in liquid. Angular should get unescaped data.
yecli authored Mar 5, 2020
1 parent b56339a commit 285ac15
Showing 3 changed files with 21 additions and 22 deletions.
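--- a/snippets/search-bar.liquid
+++ b/snippets/search-bar.liquid
@@ -44,5 +44,5 @@
 </div>
 </form>
 <script>
-window.searchQuery = '{{ search.keyword | escape }}';
-</script>
+window.searchQuery = '{{ search.keyword }}';
+</script>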
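Review bot: The new `window.searchQuery = '{{ search.keyword }}';` line places the search keyword, which comes from the request, inside a single-quoted JavaScript string in an inline `<script>` with no encoding at all. HTML `escape` was the wrong encoder for this context, but dropping it without a script-context replacement means a quote, backslash, line break or `</script>` in the keyword ends the literal or the element, unless the engine auto-escapes output (not visible here). Serialise the value instead, e.g. `window.searchQuery = {{ search.keyword | json }};` if this Liquid dialect provides a `json` filter that also escapes `<`, or emit it as `data-search-query="{{ search.keyword | escape }}"` on the form and read it from the DOM in Angular.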
35 changes: 17 additions & 18 deletions templates/customers/addresses.liquid
@@ -28,29 +28,29 @@

<div class="grid-item one-half small--one-whole">
<label for="address_first_name_new">{{ 'customer.addresses.first_name' | t }}</label>
<input type="text" id="address_first_name_new" class="address_form" name="address[first_name]" value="{{ form.first_name }}" autocapitalize="words">
<input type="text" id="address_first_name_new" class="address_form" name="address[first_name]" value="{{ form.first_name | escape }}" autocapitalize="words">
</div>

<div class="grid-item one-half small--one-whole">
<label for="address_last_name_new">{{ 'customer.addresses.last_name' | t }}</label>
<input type="text" id="address_last_name_new" class="address_form" name="address[last_name]" value="{{ form.last_name }}" autocapitalize="words">
<input type="text" id="address_last_name_new" class="address_form" name="address[last_name]" value="{{ form.last_name | escape}}" autocapitalize="words">
</div>

</div>

<label for="address_company_new">{{ 'customer.addresses.company' | t }}</label>
<input type="text" id="address_company_new" class="address_form" name="address[company]" value="{{ form.company }}" autocapitalize="words">
<input type="text" id="address_company_new" class="address_form" name="address[company]" value="{{ form.company | escape}}" autocapitalize="words">

<label for="address_address1_new">{{ 'customer.addresses.address1' | t }}</label>
<input type="text" id="address_address1_new" class="address_form" name="address[address1]" value="{{ form.address1 }}" autocapitalize="words">
<input type="text" id="address_address1_new" class="address_form" name="address[address1]" value="{{ form.address1 | escape}}" autocapitalize="words">

<label for="address_address2_new">{{ 'customer.addresses.address2' | t }}</label>
<input type="text" id="address_address2_new" class="address_form" name="address[address2]" value="{{ form.address2 }}" autocapitalize="words">
<input type="text" id="address_address2_new" class="address_form" name="address[address2]" value="{{ form.address2 | escape}}" autocapitalize="words">

<div class="grid">
<div class="grid-item large--one-half">
<label for="address_city_new">{{ 'customer.addresses.city' | t }}</label>
<input type="text" id="address_city_new" class="address_form" name="address[city]" value="{{ form.city }}" autocapitalize="words">
<input type="text" id="address_city_new" class="address_form" name="address[city]" value="{{ form.city | escape}}" autocapitalize="words">
</div>

<div class="grid-item large--one-half">
@@ -60,17 +60,17 @@

<div class="grid-item" id="address_province_container_new" style="display:none">
<label for="address_province_new">{{ 'customer.addresses.province' | t }}</label>
<select id="address_province_new" class="address_form" name="address[province]" data-default="{{ form.province }}"></select>
<select id="address_province_new" class="address_form" name="address[province]" data-default="{{ form.province | escape}}"></select>
</div>

<div class="grid-item large--one-half">
<label for="address_zip_new">{{ 'customer.addresses.zip' | t }}</label>
<input type="text" id="address_zip_new" class="address_form" name="address[zip]" value="{{ form.zip }}" autocapitalize="characters">
<input type="text" id="address_zip_new" class="address_form" name="address[zip]" value="{{ form.zip | escape}}" autocapitalize="characters">
</div>

<div class="grid-item large--one-half">
<label for="address_phone_new">{{ 'customer.addresses.phone' | t }}</label>
<input type="tel" id="address_phone_new" class="address_form" name="address[phone]" value="{{ form.phone }}" placeholder="555-555-1234">
<input type="tel" id="address_phone_new" class="address_form" name="address[phone]" value="{{ form.phone | escape}}" placeholder="555-555-1234">
</div>
</div>

@@ -125,27 +125,26 @@

<div class="grid-item one-half small--one-whole">
<label for="address_first_name_{{ address.id }}">{{ 'customer.addresses.first_name' | t }}</label>
<input type="text" id="address_first_name_{{ address.id }}" class="address_form" name="address[first_name]" value="{{ address.first_name }}" autocapitalize="words">
<input type="text" id="address_first_name_{{ address.id }}" class="address_form" name="address[first_name]" value="{{ address.first_name | escape}}" autocapitalize="words">
</div>

<div class="grid-item one-half small--one-whole">
<label for="address_last_name_{{ address.id }}">{{ 'customer.addresses.last_name' | t }}</label>
<input type="text" id="address_last_name_{{ address.id }}" class="address_form" name="address[last_name]" value="{{ address.last_name }}" autocapitalize="words">
<input type="text" id="address_last_name_{{ address.id }}" class="address_form" name="address[last_name]" value="{{ address.last_name | escape}}" autocapitalize="words">
</div>

</div>

<label for="address_company_{{ address.id }}">{{ 'customer.addresses.company' | t }}</label>
<input type="text" id="address_company_{{ address.id }}" class="address_form" name="address[company]" value="{{ address.company }}" autocapitalize="words">
<input type="text" id="address_company_{{ address.id }}" class="address_form" name="address[company]" value="{{ address.company | escape}}" autocapitalize="words">

<label for="address_address1_{{ address.id }}">{{ 'customer.addresses.address1' | t }}</label>
<input type="text" id="address_address1_{{ address.id }}" class="address_form" name="address[address1]" value="{{ address.address1 }}" autocapitalize="words">
<input type="text" id="address_address1_{{ address.id }}" class="address_form" name="address[address1]" value="{{ address.address1 | escape}}" autocapitalize="words">

<label for="address_address2_{{ address.id }}">{{ 'customer.addresses.address2' | t }}</label>
<input type="text" id="address_address2_{{ address.id }}" class="address_form" name="address[address2]" value="{{ address.address2 }}" autocapitalize="words">
<input type="text" id="address_address2_{{ address.id }}" class="address_form" name="address[address2]" value="{{ address.address2 | escape}}" autocapitalize="words">

<label for="address_city_{{ address.id }}">{{ 'customer.addresses.city' | t }}</label>
<input type="text" id="address_city_{{ address.id }}" class="address_form" name="address[city]" value="{{ address.city }}" autocapitalize="words">
<input type="text" id="address_city_{{ address.id }}" class="address_form" name="address[city]" value="{{ address.city | escape}}" autocapitalize="words">

<label for="address_country_{{ address.id }}">{{ 'customer.addresses.country' | t }}</label>
<select id="address_country_{{ address.id }}" name="address[country]" data-default="{{ address.country }}">{{ country_option_tags }}</select>
@@ -158,12 +157,12 @@
<div class="grid">
<div class="grid-item one-half small--one-whole">
<label for="address_zip_{{ address.id }}">{{ 'customer.addresses.province' | t }}</label>
<input type="text" id="address_zip_{{ address.id }}" class="address_form" name="address[zip]" value="{{ address.zip }}" autocapitalize="characters">
<input type="text" id="address_zip_{{ address.id }}" class="address_form" name="address[zip]" value="{{ address.zip | escape}}" autocapitalize="characters">
</div>

<div class="grid-item one-half small--one-whole">
<label for="address_phone_{{ address.id }}">{{ 'customer.addresses.phone' | t }}</label>
<input type="tel" id="address_phone_{{ address.id }}" class="address_form" name="address[phone]" value="{{ address.phone }}" placeholder="555-555-1234">
<input type="tel" id="address_phone_{{ address.id }}" class="address_form" name="address[phone]" value="{{ address.phone | escape}}" placeholder="555-555-1234">
</div>
</div>

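Review bot: The country `<select>` for existing addresses still renders `data-default="{{ address.country }}"` without `| escape`, while the province select in the new-address form now gets `data-default="{{ form.province | escape}}"`; every other `value`/`data-default` in the visible hunks is escaped. Apply the same filter there, `data-default="{{ address.country | escape }}"`, and check the country and province selects that fall between the hunks, which are not visible on this page. `{{ country_option_tags }}` on the same line is presumably pre-built markup and must stay unescaped, so its generator needs to encode country names itself. As a style point, the added filters are written `| escape}}` in all but the first field; `| escape }}` matches the rest of the template.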
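--- a/templates/search.liquid
+++ b/templates/search.liquid
@@ -14,12 +14,12 @@
 
 {% if search_results.size == 0 %}
 
-<h2 class="text-center">{{ 'general.search.no_results_html' | t: search.keyword }}</h2>
+<h2 class="text-center">{{ 'general.search.no_results_html' | t: (search.keyword | escape) }}</h2>
 {% include 'search-bar' %}
 
 {% else %}
 
-<h2 class="text-center">{{ 'general.search.results_for_html' | t: search.keyword }}</h2>
+<h2 class="text-center">{{ 'general.search.results_for_html' | t: (search.keyword | escape) }}</h2>
 {% include 'search-bar' %}
 <hr class="hr--clear">
 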
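Review bot: The argument form `t: (search.keyword | escape)` relies on the template engine evaluating a parenthesised filter expression, which standard Liquid does not support; if this engine does not either, the keyword reaches the `<h2>` unescaped or the template fails to render. Both keys end in `_html`, so the translated string is presumably emitted as markup and this argument-level escape is the only encoding the keyword gets. A form that works in any Liquid dialect is `{% assign escaped_keyword = search.keyword | escape %}` before the `{% if %}`, then `t: escaped_keyword` in both headings. A render test with a keyword containing `<`, `"` and `&` would confirm the headings show it as text.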
