changeset 7548:e08c2b38ae0d

compare: correct display of special branch names in initial placeholder When a branch name contains special characters like '<' or '>', and a 'compare' operation is performed with such a branch as one of the two compare sides, then the special branch name will be part of the URL, e.g. http://localhost:5000/myrepo/compare/branch@master...branch@%3Cscript%3Eblabla%3C/script%3E?other_repo=myrepo The encoded branch name is then used at page load as placeholders for the branch selection dropdowns. But the special characters were escaped too much, causing '<' to become &lt; in the display of the dropdown. It was not correct to use h.jshtml() to escape in the template. That applied HTML formatting too much and too early. We want the raw value. h.js() gives us that, while still formatting and escaping the string so it is safe inside the script tag.
author Mads Kiilerich <mads@kiilerich.com>
date Wed, 27 Feb 2019 02:30:58 +0100
parents a8d873e9cab0
children 6b4a13022e27
files kallithea/templates/compare/compare_diff.html
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/kallithea/templates/compare/compare_diff.html	Tue Feb 26 21:27:42 2019 +0100
+++ b/kallithea/templates/compare/compare_diff.html	Wed Feb 27 02:30:58 2019 +0100
@@ -151,8 +151,8 @@
     });
     }
 
-    make_revision_dropdown("#compare_org",   ${h.jshtml(c.a_repo.repo_name)},  ${h.jshtml(c.a_ref_name)},  'cache');
-    make_revision_dropdown("#compare_other", ${h.jshtml(c.cs_repo.repo_name)}, ${h.jshtml(c.cs_ref_name)}, 'cache2');
+    make_revision_dropdown("#compare_org",   ${h.js(c.a_repo.repo_name)},  ${h.js(c.a_ref_name)},  'cache');
+    make_revision_dropdown("#compare_other", ${h.js(c.cs_repo.repo_name)}, ${h.js(c.cs_ref_name)}, 'cache2');
 
     var values_changed = function() {
         var values = $('#compare_org').select2('data') && $('#compare_other').select2('data');
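Review bot: With `h.js()` the repo and ref names on the two `make_revision_dropdown(...)` lines now arrive as raw strings with no HTML escaping, so escaping has to happen wherever that function renders the placeholder; its body is outside this hunk, so this cannot be confirmed from here. A branch name is user-controlled (the commit message's own example is `<script>blabla</script>`), so the change is only safe if the placeholder is written as text, or passed through select2's markup escaping, and never inserted as HTML. I would record that contract above the two calls, e.g. `// names are raw JS strings from h.js(); make_revision_dropdown must HTML-escape them when rendering`, and add a regression test that loads the compare page with such a branch name and asserts it shows up as literal text. It is also worth a test that `h.js()` output cannot close the surrounding script element (a `</script>` sequence inside the value), since the commit message relies on that property.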