diff --git a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
index f6733aaa6..178fd583f 100644
--- a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
+++ b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
@@ -57,6 +57,7 @@ Deluge.EditTrackersWindow = Ext.extend(Ext.Window, {
header: _('Tracker'),
width: 0.9,
dataIndex: 'url',
+ tpl: new Ext.XTemplate('{url:htmlEncode}'),
},
],
columnSort: {
diff --git a/deluge/ui/web/js/deluge-all/FilterPanel.js b/deluge/ui/web/js/deluge-all/FilterPanel.js
index b6e5ec5ca..f1fade120 100644
--- a/deluge/ui/web/js/deluge-all/FilterPanel.js
+++ b/deluge/ui/web/js/deluge-all/FilterPanel.js
@@ -171,5 +171,5 @@ Deluge.FilterPanel.templates = {
tracker_host:
'{filter} ({count})
',
+ 'tracker/{filter});">{filter:htmlEncode} ({count})',
};
diff --git a/deluge/ui/web/js/deluge-all/TorrentGrid.js b/deluge/ui/web/js/deluge-all/TorrentGrid.js
index 198ec279f..ded3fb03b 100644
--- a/deluge/ui/web/js/deluge-all/TorrentGrid.js
+++ b/deluge/ui/web/js/deluge-all/TorrentGrid.js
@@ -17,7 +17,7 @@
return String.format(
'{1}
',
r.data['state'].toLowerCase(),
- value
+ Ext.util.Format.htmlEncode(value)
);
}
function torrentSpeedRenderer(value) {
@@ -62,7 +62,7 @@
'{0}
',
- value
+ Ext.util.Format.htmlEncode(value)
);
}
diff --git a/deluge/ui/web/js/deluge-all/add/AddWindow.js b/deluge/ui/web/js/deluge-all/add/AddWindow.js
index a4aff067b..771543de3 100644
--- a/deluge/ui/web/js/deluge-all/add/AddWindow.js
+++ b/deluge/ui/web/js/deluge-all/add/AddWindow.js
@@ -93,6 +93,9 @@ Deluge.add.AddWindow = Ext.extend(Deluge.add.Window, {
sortable: true,
renderer: torrentRenderer,
dataIndex: 'text',
+ tpl: new Ext.XTemplate(
+ '{text:htmlEncode}
'
+ ),
},
],
stripeRows: true,
diff --git a/deluge/ui/web/js/deluge-all/add/FilesTab.js b/deluge/ui/web/js/deluge-all/add/FilesTab.js
index fed52282d..d712c023d 100644
--- a/deluge/ui/web/js/deluge-all/add/FilesTab.js
+++ b/deluge/ui/web/js/deluge-all/add/FilesTab.js
@@ -28,6 +28,7 @@ Deluge.add.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
header: _('Filename'),
width: 295,
dataIndex: 'filename',
+ tpl: new Ext.XTemplate('{filename:htmlEncode}'),
},
{
header: _('Size'),
diff --git a/deluge/ui/web/js/deluge-all/details/DetailsTab.js b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
index fdb4f7f0d..f1da178b1 100644
--- a/deluge/ui/web/js/deluge-all/details/DetailsTab.js
+++ b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
@@ -91,7 +91,9 @@ Deluge.details.DetailsTab = Ext.extend(Ext.Panel, {
for (var field in this.fields) {
if (!Ext.isDefined(data[field])) continue; // This is a field we are not responsible for.
if (data[field] == this.oldData[field]) continue;
- this.fields[field].dom.innerHTML = Ext.escapeHTML(data[field]);
+ this.fields[field].dom.innerHTML = Ext.util.Format.htmlEncode(
+ data[field]
+ );
}
this.oldData = data;
},
diff --git a/deluge/ui/web/js/deluge-all/details/FilesTab.js b/deluge/ui/web/js/deluge-all/details/FilesTab.js
index edc388d19..60de832a6 100644
--- a/deluge/ui/web/js/deluge-all/details/FilesTab.js
+++ b/deluge/ui/web/js/deluge-all/details/FilesTab.js
@@ -18,6 +18,7 @@ Deluge.details.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
header: _('Filename'),
width: 330,
dataIndex: 'filename',
+ tpl: new Ext.XTemplate('{filename:htmlEncode}'),
},
{
header: _('Size'),
diff --git a/deluge/ui/web/js/deluge-all/details/PeersTab.js b/deluge/ui/web/js/deluge-all/details/PeersTab.js
index 66d4a4b95..a1919630d 100644
--- a/deluge/ui/web/js/deluge-all/details/PeersTab.js
+++ b/deluge/ui/web/js/deluge-all/details/PeersTab.js
@@ -73,7 +73,7 @@
header: _('Client'),
width: 125,
sortable: true,
- renderer: fplain,
+ renderer: 'htmlEncode',
dataIndex: 'client',
},
{