Mercurial > kallithea

view docs/theme/nature/layout.html @ 7539:22da5f258118

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pullrequests: prevent XSS in 'Potential Reviewers' list when first and last names cannot be trusted The user information passed to autocompleteFormatter from select2 is the raw data which might contain HTML markup controlled by the user. That could cause XSS issues, already when loading a PR page. To avoid that, make sure autocompleteHighlightMatch always escape user information. That makes the user safe as long as a rogue user isn't selected ...
author Mads Kiilerich <mads@kiilerich.com>
date Wed, 27 Feb 2019 02:23:26 +0100
parents 60e04a21bf0f
children ec4e69a60aae
line wrap: on
line source

{% extends "basic/layout.html" %}

{% block sidebarlogo %}
<div style="text-align:center;margin:30px 0;">
  <img src="{{pathto('_static/kallithea-logo.svg',1)}}" width="200px"/>
</div>
<h3>Support Kallithea development</h3>
<div style="text-align:center">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="EYXFS3SQPHYUL">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal &ndash; The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
    <div style="padding:5px">
     <a href="https://flattr.com/thing/922714/Donate-to-Software-Freedom-Conservancy" target="_blank">
     <img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
    </div>
</div>
{% endblock %}}