Remove unnecessary use of "safe" template tag.

This tag marks a variable as not requiring escaping by the template engine, potentially creating cross-site scripting vulnerabilities, so shouldn't be used unless absolutely necessary. In these cases, I don't think it's necessary.
2021-12-17 21:55:47 +11:00 · 2021-12-17 21:55:47 +11:00 · 14abe07a4a
commit 14abe07a4a
parent d11ed137fa
10 changed files with 14 additions and 14 deletions
--- a/www/conservancy/templates/blog/entry_detail.html
+++ b/www/conservancy/templates/blog/entry_detail.html
@ -6,7 +6,7 @@
 {% include "opengraph_urllist_partial.html" with property='video' urls=object.get_one_video_url %}
 {% endblock %}
-{% block subtitle %}{{ object.headline|striptags|safe }} - Conservancy Blog - {% endblock %}
+{% block subtitle %}{{ object.headline|striptags }} - Conservancy Blog - {% endblock %}
 {% block content %}
 <div class="breadcrumbs">
--- a/www/conservancy/templates/blog/entry_partial.html
+++ b/www/conservancy/templates/blog/entry_partial.html
@ -18,7 +18,7 @@ This partial accepts these optional parameters:
 <{{ htag|default:"h3" }} class="clear"
  >{% if show|default:"body" != "body" %}<a href="{{ entry.get_absolute_url }}"
-  >{% endif %}{{ entry.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
+  >{% endif %}{{ entry.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
 {% if show != "headline" %}
 <p class="date">by <span class="author">{{ entry.author.formal_name }}</span>
--- a/www/conservancy/templates/feeds/blog_title.html
+++ b/www/conservancy/templates/feeds/blog_title.html
@ -1 +1 @@
-{{ obj.headline|striptags|safe }}
+{{ obj.headline|striptags }}
--- a/www/conservancy/templates/feeds/news_description.html
+++ b/www/conservancy/templates/feeds/news_description.html
@ -1,3 +1,3 @@
-{% if obj.subhead %}<p><strong>{{ obj.subhead|safe }}</strong></p>{% endif %}
+{% if obj.subhead %}<p><strong>{{ obj.subhead }}</strong></p>{% endif %}
 {{ obj.summary|safe }}
 {{ obj.body|safe }}
--- a/www/conservancy/templates/feeds/news_title.html
+++ b/www/conservancy/templates/feeds/news_title.html
@ -1 +1 @@
-{{ obj.headline|striptags|safe }}
+{{ obj.headline|striptags }}
--- a/www/conservancy/templates/frontpage.html
+++ b/www/conservancy/templates/frontpage.html
@ -104,7 +104,7 @@ strategies that defend FOSS (such as copyleft). <a href="/about" class="orange">
 <!-- <h2>Support Conservancy</h2>
     <p>As a 501(c)(3) non-profit charity, Conservancy relies on
     charitable donations for its operations.
-     Please join {{supporters_count|safe}} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
+     Please join {{ supporters_count }} others and <a href="/sustainer/"><strong>become a Conservancy Sustainer
     today</strong></a> and/or <a href="/donate/">donate generously</a> to help our work!
     </p>
--- a/www/conservancy/templates/news/pressrelease_detail.html
+++ b/www/conservancy/templates/news/pressrelease_detail.html
@ -6,7 +6,7 @@
 {% include "opengraph_urllist_partial.html" with property='video' urls=object.get_one_video_url %}
 {% endblock %}
-{% block subtitle %}{{ object.headline|striptags|safe }} - {% endblock %}
+{% block subtitle %}{{ object.headline|striptags }} - {% endblock %}
 {% block content %}
--- a/www/conservancy/templates/news/pressrelease_partial.html
+++ b/www/conservancy/templates/news/pressrelease_partial.html
@ -19,13 +19,13 @@ This partial accepts these optional parameters:
 <{{ htag|default:"h3" }} class="clear"
  >{% if show|default:"body" != "body" %}<a href="{{ pressr.get_absolute_url }}"
-  >{% endif %}{{ pressr.headline|safe }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
+  >{% endif %}{{ pressr.headline }}{% if show|default:"body" != "body" %}</a>{% endif %}</{{ htag|default:"h3" }}>
 {% if show != "headline" %}
 {% if show != "dateline" and pressr.subhead %}
  {# This filter sequence generates the "next" hN tag from htag #}
  <h{{ htag|default:"3"|last|get_digit:1|add:1 }}
-     >{{ pressr.subhead|safe }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
+     >{{ pressr.subhead }}</h{{ htag|default:"3"|last|get_digit:1|add:1 }}>
 {% endif %}
 <p class="date">{{ pressr.pub_date|date:"F j, Y" }}</p>
--- a/www/conservancy/templates/opengraph_partial.html
+++ b/www/conservancy/templates/opengraph_partial.html
@ -36,9 +36,9 @@ normally shouldn't need to:
 {% endif %}
 {% if title %}
-<meta property="og:title" content="{{ title|striptags|safe }}">
+<meta property="og:title" content="{{ title|striptags }}">
 {% endif %}
 {% if description %}
-<meta property="og:description" content="{{ description|striptags|safe }}">
+<meta property="og:description" content="{{ description|striptags }}">
 {% endif %}
--- a/www/conservancy/templates/sponsors.html
+++ b/www/conservancy/templates/sponsors.html
@ -52,16 +52,16 @@ any of its sponsors.</p>
 <br/>
 <h2>Sustainers</h2>
-<p>Conservancy currently has {{supporters_count|safe}} Sustainers.
+<p>Conservancy currently has {{ supporters_count }} Sustainers.
  Conservancy Sustainers are individuals (or small companies) who give $120
  or more annually as part of <a href="/sustainer/">the Official Conservancy
  Sustainer program</a>.  Those who request public acknowledgment are listed
  here in order by the date when they first joined the Sustainer program:</p>
 <ul id="sustainers">
-<li>Anonymous ({{anonymous_count|safe}} people)</li>
+<li>Anonymous ({{ anonymous_count }} people)</li>
 {% for ss in supporters %}
-<li>{{ ss.display_name|safe }}</li>
+<li>{{ ss.display_name }}</li>
 {% endfor %}
 </ul>
`@ -1 +1 @@`
	`{{ obj.headline\|striptags\|safe }}`	`{{ obj.headline\|striptags }}`