wtf is xss?

integration-tests
Josha von Gizycki 6 years ago
parent 5541b3113d
commit a5b3a233d2

@ -1,7 +1,8 @@
(ns wanijo.framework.view (ns wanijo.framework.view
(:require [hiccup.page :refer (:require [hiccup
[html5 include-css include-js]] [page :refer [html5 include-js include-css]]
[hiccup.form :as hform] [form :as hform]
[core :refer [h]]]
[wanijo.framework.routing :refer [path]])) [wanijo.framework.routing :refer [path]]))
(defn btnlink (defn btnlink
@ -47,7 +48,8 @@
(when authed? (when authed?
[:small.app-title__hello [:small.app-title__hello
"Hi, " "Hi, "
[:a {:href (path :user-profile)} ident]])] [:a {:href (path :user-profile)}
(h ident)]])]
(when authed? (when authed?
[:section.header-content [:section.header-content
(btnlink (path :schema-overview) (btnlink (path :schema-overview)
@ -64,7 +66,7 @@
(for [schema (:schemas session)] (for [schema (:schemas session)]
[:li [:a {:href (path :instance-list [:li [:a {:href (path :instance-list
{:schema-uuid (:uuid schema)})} {:schema-uuid (:uuid schema)})}
(:name schema)]])]])] (h (:name schema))]])]])]
(into [:main (into [:main
(for [msg (:flash request)] (for [msg (:flash request)]
(flash-error msg))] (flash-error msg))]
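Review bot: The flash messages on the last two lines of this hunk still go through `flash-error` without a visible `h`, while `ident` and `(:name schema)` in the same layout now get one; `flash-error` is defined outside the hunk, so confirm it escapes `msg` itself, since flash text commonly echoes user-submitted values back to the page. Hiccup escapes attribute values (so the `:href` values built by `path` are fine) but not strings placed in an element body, so every body string needs an explicit `h`; a comment at the top of the layout function such as `;; Hiccup does not escape element bodies: wrap every user-supplied string in h` would make that convention visible to the next editor. The enclosing layout function starts before this hunk.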

@ -1,5 +1,7 @@
(ns wanijo.instance.view (ns wanijo.instance.view
(:require [hiccup.form :as hform] (:require [hiccup
[form :as hform]
[core :refer [h]]]
[ring.util.anti-forgery :refer [anti-forgery-field]] [ring.util.anti-forgery :refer [anti-forgery-field]]
[formulare.core :as form] [formulare.core :as form]
[wanijo.instance.domain :as domain] [wanijo.instance.domain :as domain]
@ -12,7 +14,7 @@
:request req :request req
:content :content
[[:h1 "All Instances of schema " [[:h1 "All Instances of schema "
[:span.schema-title__name (:name schema)]] [:span.schema-title__name (h (:name schema))]]
[:table [:table
[:thead [:thead
[:tr [:tr
@ -24,7 +26,7 @@
[:tr [:tr
[:td [:td
[:a {:href (path :instance-show instance)} [:a {:href (path :instance-show instance)}
(:name instance)]] (h (:name instance))]]
[:td (prettify-dt (:updated_at instance))] [:td (prettify-dt (:updated_at instance))]
[:td (prettify-dt (:created_at instance))]])]] [:td (prettify-dt (:created_at instance))]])]]
[:h1 "New Instance"] [:h1 "New Instance"]
@ -39,9 +41,9 @@
:request req :request req
:content :content
[[:h1 [[:h1
(-> instance :schema :name) (h (-> instance :schema :name))
" " " "
[:small (:name instance)]] [:small (h (:name instance))]]
[:p [:p
[:small [:a {:href (path :instance-edit-form instance)} [:small [:a {:href (path :instance-edit-form instance)}
"Edit Instance"]]] "Edit Instance"]]]
@ -49,14 +51,17 @@
:let [auuid (:uuid attr) :let [auuid (:uuid attr)
prop (first (filter #(= auuid (-> % :attribute :uuid)) prop (first (filter #(= auuid (-> % :attribute :uuid))
(:properties instance)))]] (:properties instance)))]]
(list [:em (:name attr)] (list [:em (h (:name attr))]
[:p (:value prop)]))])) [:p (h (:value prop))]))]))
(defn edit! [instance form form-data req] (defn edit! [instance form form-data req]
(view/layout! (view/layout!
:request req :request req
:content :content
[[:h1 (:name instance)] [[:h1
(h (-> instance :schema :name))
" "
[:small (h (:name instance))]]
(hform/form-to [:post (path :instance-edit instance)] (hform/form-to [:post (path :instance-edit instance)]
(form/render-widgets form form-data req) (form/render-widgets form form-data req)
(hform/submit-button "Edit!"))])) (hform/submit-button "Edit!"))]))
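Review bot: In `edit!`, the `form-data` handed to `form/render-widgets` on the line above the submit button is the stored or re-submitted values being rendered back into the form, and whether `formulare` escapes them is not visible here — confirm it does, otherwise the same `:value` this commit now escapes in the show view (`(h (:value prop))`) is still injectable through the edit form. The `form-to` for `:instance-edit` also does not visibly emit `(anti-forgery-field)` even though it is imported at the top of the file; if `render-widgets` does not include the token, the POST will either be rejected by the anti-forgery middleware or, if that middleware is not wired in, be forgeable. A one-line comment on the `form-to`, e.g. `;; CSRF token is emitted by render-widgets` (or adding the field explicitly), would settle it for the reader.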

@ -1,5 +1,7 @@
(ns wanijo.schema.view (ns wanijo.schema.view
(:require [hiccup.form :as hform] (:require [hiccup
[form :as hform]
[core :refer [h]]]
[ring.util.anti-forgery :refer [anti-forgery-field]] [ring.util.anti-forgery :refer [anti-forgery-field]]
[formulare.core :as form] [formulare.core :as form]
[wanijo.framework.view :as view] [wanijo.framework.view :as view]
@ -26,7 +28,7 @@
[:tr [:tr
[:td [:td
[:a {:href (path :schema-show schema)} [:a {:href (path :schema-show schema)}
(:name schema)]] (h (:name schema))]]
[:td [:td
(prettify-dt (:created_at schema))]])]] (prettify-dt (:created_at schema))]])]]
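Review bot: The link label is now escaped, but the `schema-show` view this row links to, and the "New schema" form starting on the line after this hunk if its widgets re-render submitted values, are further places where `(:name schema)` is rendered, and neither is in the hunk — verify they received the same treatment, since one missed site undoes the fix. Escaping at each call site is easy to forget; a small helper in `wanijo.framework.view`, e.g. `(defn link [href label] [:a {:href href} (h label)])`, used here and in the instance list would make the safe form the default rather than the exception. The enclosing function starts before this hunk.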
[:h1 "New schema"] [:h1 "New schema"]
