1
0
mirror of https://github.com/searxng/searxng.git synced 2024-11-05 12:50:11 +01:00
searxng/searx/templates/oscar/infobox.html
Vipul 6a5aae6530
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-22 02:27:45 +00:00

37 lines
1.5 KiB
HTML

{% from 'oscar/macros.html' import result_link with context %}
<div class="panel panel-default infobox">
<div class="panel-heading">{{- "" -}}
<h4 class="panel-title infobox_part"><bdi>{{ infobox.infobox }}</bdi></h4>{{- "" -}}
</div>
<div class="panel-body">
{% if infobox.img_src %}<img class="img-responsive center-block infobox_part" src="{{ image_proxify(infobox.img_src) }}" alt="{{ infobox.infobox }}" />{% endif %}
{% if infobox.content %}<bdi><p class="infobox_part">{{ infobox.content | safe }}</p></bdi>{% endif %}
{% if infobox.attributes -%}
<table class="table table-striped infobox_part">
{% for attribute in infobox.attributes -%}
<tr>{{- "" -}}
<td><bdi>{{ attribute.label }}</bdi></td>
{%- if attribute.image -%}
<td><img class="img-responsive" src="{{ image_proxify(attribute.image.src) }}" alt="{{ attribute.image.alt }}" /></td>
{%- else -%}
<td><bdi>{{ attribute.value }}</bdi></td>
{%- endif -%}
</tr>
{% endfor -%}
</table>
{% endif %}
{% if infobox.urls -%}
<div class="infobox_part">{{- "\n" -}}
<bdi>
{%- for url in infobox.urls -%}
<p class="btn btn-default btn-xs">{{ result_link(url.url, url.title) }}</p>
{% endfor -%}
</bdi>{{- "" -}}
</div>
{% endif %}
</div>
</div>